by Amir Khashayar Mohammadi
Is “sandboxing” the local browser really the cure-all for inherent browser vulnerabilities that the developers of supposedly “secure” browsers make it out to be?
Or is it just one more attempt to put lipstick on an aging pig with progressing health problems?
As with security patches and browser updates, the answer is not that simple: shipping the fix can itself open the door to new and different exploits that let attackers pwn the local machine.
Which methods have been applied so far to break local browser and app sandboxes?
Let’s take a closer look. You will be surprised.
Breakouts from the beginning
Local browser sandboxing was first introduced by Google for the Chrome browser, as a layer of isolation designed to keep third-party processes confined to the browser and prevent them from harming the local machine’s environment.
The problem with this form of isolation is that it is far from perfect.
The smallest hole