The PPAPI implementation in Google Chrome prior to 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote malicious users to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
Case Study of Chrome Sandbox Escape
A Collection of Chrome Sandbox Escape POCs/Exploits for learning

Permission Allowed Issues

Issue          Type        Summary                          Label                     Reporter        Links
crbug-1062091  MojoJS POC  UAF in InstalledAppProviderImpl  M-81, reward-25000        Tim Becker      Theori Blog
crbug-1055393  HTML POC    UAF in Accessibility             M-81, M-82, reward-20000  Pawel Wylecial  RedTeam Blog
crbug
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.
That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday.
Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.
Among the other serious vulne...
Version 52.0.2743.82 of Google Chrome was released today that contains 48 security fixes. Of those 48 fixes, 17 were highlighted as coming from external sources and being eligible for a bounty for their disclosure.
Of these external disclosures, $21,000 was paid in bounties, with the amount for the other 11 disclosures still being determined. The highest bounty was paid to Pinkie Pie, the well-known Chrome hacker who won Google’s Pwnium competition in 2012, for discoveri...