
Escaping Modern Web-Based App Sandboxes - Site Isolation Vulnerabilities

Offered By: Black Hat via YouTube

Tags

Browser Security Courses, Sandboxing Courses, Remote Code Execution Courses

Course Description

Overview

Explore the vulnerabilities in Chrome's process isolation and Site Isolation security features in this 36-minute Black Hat conference talk. Delve into an exploitation method for Chrome on Android that enables Universal Cross-Site Scripting (UXSS) through renderer Remote Code Execution (RCE). Examine how this exploit, while limited in Chrome's threat model, can be leveraged in various Chromium-based applications, such as those built on libcef and WebView. Investigate security issues in PC-based libcef applications, pre-installed mobile browsers, and Android WebView applications that allow attackers to escape the Chrome sandbox from a compromised renderer. Learn about potential malicious actions, including remote code execution, silent app installation, and user data theft. Gain insights from senior security researchers at Tencent Security Xuanwu Lab on the limitations of current Site Isolation defense strategies and their implications for web-based application security.

Syllabus

The Hole in Sandbox: Escape Modern Web-Based App Sandbox From Site-Isolation Perspective


Taught by

Black Hat

Related Courses

Introduction to Cyber Security
Uttarakhand Open University, Haldwani via Swayam
The Complete Cyber Security Course : Network Security!
Udemy
The Beginners 2024 Cyber Security Awareness Training Course
Udemy
Modern Browser Security Reports
Pluralsight
JavaScript Security Part 1
Infosec via Coursera