

🎥 The Hole in Sandbox: Escape Modern Web-Based App Sandbox From Site-Isolation Perspective


News section: 🎥 IT Security Video
🔗 Source: youtube.com

Author: Black Hat - Rating: 6x - Views: 40

Process isolation is a crucial security feature of the Chrome browser. In its early stages, process isolation was implemented only as out-of-process rendering (the sandboxed renderer). With the emergence of new attack methods such as UXSS and Spectre, which can steal data from the renderer process directly or infer it through speculative execution, Chrome introduced the concept of Site Isolation, advocating a finer-grained process isolation. It gradually added multiple security strategies, designed from the perspective of defending against attacks on a logged-in user, to prevent attackers from stealing user data.

In this talk, we first present an exploitation method applicable to Chrome for Android that turns a renderer Remote Code Execution (RCE) into Universal Cross-Site Scripting (UXSS). With this method we can inject JavaScript code into the majority of websites. In the threat model envisioned by Google Chrome, however, this method cannot cause further harm. Yet Chromium is also used as a browser component in applications on various platforms, such as libcef, WebView, etc. Is our exploitation method effective in these scenarios?

Through our research, we found that application developers often implement privileged APIs that allow browser components loaded with whitelisted domains to execute certain high-risk operations. Most importantly, these operations do not require the user to maintain a logged-in state on the web page, which breaks Chrome's current Site Isolation defense strategy.

We researched three categories of applications with different Site Isolation levels: PC-based libcef applications, pre-installed mobile browsers, and Android WebView applications. As expected, we found a series of security issues. These vulnerabilities allow attackers to escape the Chrome sandbox from a compromised sandboxed renderer. Specifically, we can achieve remote code execution, silently install and launch arbitrary applications, steal users' private data, and perform other high-risk malicious actions.

By:
Bohan Liu | Senior Security Researcher, Tencent Security Xuanwu Lab
Haibin Shi | Senior Security Researcher, Tencent Security Xuanwu Lab

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-24/briefings/schedule/#the-hole-in-sandbox-escape-modern-web-based-app-sandbox-from-site-isolation-perspective-37166

...
