Universal Code Execution by Chaining Messages in Browser Extensions


By chaining various messaging APIs in browsers and browser extensions, I demonstrate how we can jump from web pages to “universal code execution”, breaking both Same Origin Policy and the browser sandbox. I provide two new vulnerability disclosures affecting millions of users as examples. In addition, I demonstrate how such vulnerabilities can be discovered at scale with a combination of large dataset queries and static code analysis.

However, thanks to the ever-growing capabilities of browser extension APIs and dangerously implemented native messaging protocols, a far more impactful vulnerability can be exploited: universal code execution. Utilising the same embedding-page communication pattern, the background script accepts the following message type, which simply returns all cookies for the requested domain:
