Escaping the Chrome Sandbox Through DevTools


This blog post details how I found CVE-2024-6778 and CVE-2024-5836, two vulnerabilities in the Chromium web browser that allowed a sandbox escape from a browser extension.

Running untrusted JavaScript on chrome:// pages is a common attack vector, so the receiving end of these private APIs performs some validation to ensure that the caller is not doing anything the user could not otherwise do normally. Going back to the chrome://downloads example, Chromium protects against that exact scenario by requiring that the action which opens a file from the downloads page originates from an actual user input, not merely from JavaScript. Additionally, it is not a good idea to ship completely undocumented, incomplete, and insecure features to everyone, as was the case with the policy test page bug.