←back to thread

Escaping the Chrome Sandbox Through DevTools

(ading.dev)
406 points vk6 | 1 comments | 17 Oct 24 05:55 UTC | HN request time: 0.2s | source
Show context
Etheryte ◴[17 Oct 24 07:57 UTC] No.41867389[source]
Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.
replies(9): >>41867499 #>>41867548 #>>41867653 #>>41867666 #>>41867873 #>>41868146 #>>41868628 #>>41868995 #>>41869073 #
faangguyindia ◴[17 Oct 24 11:35 UTC] No.41868628[source]
Chrome needs to be rewritten in Rust asap
replies(4): >>41869138 #>>41869301 #>>41871064 #>>41873446 #
z3phyr ◴[17 Oct 24 12:44 UTC] No.41869138[source]
Malwares are going to be written in rust; What difference does it make? Also Its not memory based vulnerability but policy based vulnerability.
replies(1): >>41870157 #
1. echoangle ◴[17 Oct 24 14:45 UTC] No.41870157[source]
But at least the vulnerability would be blazingly fast