News Score: Score the News, Sort the News, Rewrite the Headlines

Universal Code Execution by Chaining Messages in Browser Extensions

Jul 7, 2024 · 2111 words · 10 minute read By chaining various messaging APIs in browsers and browser extensions, I demonstrate how we can jump from web pages to “universal code execution”, breaking both Same Origin Policy and the browser sandbox. I provide two new vulnerability disclosures affecting millions of users as examples. In addition, I demonstrate how such vulnerabilities can be discovered at scale with a combination of large dataset queries and static code analysis. Note: The extension...

Read more at spaceraccoon.dev

© News Score  score the news, sort the news, rewrite the headlines