josefx 2 hours ago

I heard they once created an entire language that would replace C++ in all their projects. Obviously they never rewrote Chrome in Go.

> 10s of billions are spent to try to get Chromium to not have these vulnerabilities, using those tools.

And here we are. Shouldn't pages run in isolated and sandboxed processes anyway? If that exploit gets you anywhere, it would be a failure of multiple layers.
stackghost 2 hours ago (reply to josefx)

They do run in a sandbox, and this exploit gives the attacker RCE inside the sandbox. It is not in and of itself a sandbox escape. However, if you have arbitrary code execution, then you can groom the heap with malloc/new to create the layout for a heap overflow -> ret2libc or something similar.