Скачать с ютуб BlueHat IL 2020 - Amy Burnett - Forget the Sandbox Escape: Abusing Browsers from Code Execution в хорошем качестве

BlueHat IL 2020 - Amy Burnett - Forget the Sandbox Escape: Abusing Browsers from Code Execution

The complexity of JavaScript and Web APIs has led to an increase in vulnerabilities found in modern web browsers. Many of these vulnerabilities are relatively easy to exploit and lead to full code execution within the browser process. To combat this, browser vendors have worked to secure their platforms through sandboxing. With a sandbox, exploits can only hijack control of the renderer process (the process which displays the webpage) and are not able to interact with the rest of the system to install malware or execute other payloads. An advanced attacker may try to find holes in the sandbox to gain access to the full system, but this requires finding more bugs and spending more engineering efforts. However, if we forgo the sandbox escape, there is still interesting functionality the renderer process is allowed to access. This talk will examine the functionality available to a compromised renderer process and see how it can be abused to compromise browser users. We will also look at how this could be used on up-to-date browsers though "patch - gapping". Finally, we will see how there is a changing landscape in recent years and what strides taken towards a more isolated renderer processes. ​