Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Escaping Modern Web-Based App Sandboxes - Site Isolation Vulnerabilities

Black Hat via YouTube

Overview

Explore the vulnerabilities in Chrome's process isolation and Site Isolation security features in this 36-minute Black Hat conference talk. Delve into an exploitation method for Chrome on Android that enables Universal Cross-Site Scripting (UXSS) through renderer Remote Code Execution (RCE). Examine how this exploit, while limited in Chrome's threat model, can be leveraged in various Chromium-based applications like libcef and webview. Investigate security issues in PC-based libcef applications, pre-installed mobile browsers, and Android Webview applications that allow attackers to escape the Chrome sandbox from a compromised renderer. Learn about potential malicious actions, including remote code execution, silent app installation, and user data theft. Gain insights from senior security researchers at Tencent Security Xuanwu Lab on the limitations of current Site Isolation defense strategies and their implications for web-based application security.

Syllabus

The Hole in Sandbox: Escape Modern Web-Based App Sandbox From Site-Isolation Perspective

Taught by

Black Hat

Reviews

Start your review of Escaping Modern Web-Based App Sandboxes - Site Isolation Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.