Cisco Talos discloses technicals details of Chrome, Firefox flaws

Discussion in 'other security issues & news' started by mood, Jul 5, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,193
    Cisco Talos discloses technicals details of Chrome, Firefox flaws
    July 5, 2020
    https://securityaffairs.co/wordpress/105547/security/talos-chrome-firefox-flaws.html
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,923
    Location:
    The Netherlands
    Weird, once again it's not clear if they were able to bypass the sandbox in both Chrome and Firefox. Normally, if they were able to run malware, it's still restricted by the sandbox, so it runs with low rights.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,009
    Location:
    U.S.A.
    Leaked memory as I understand it is available but unallocated memory. In other words, it is no longer associated with the active browser process. As such, it is no longer inhibited by any restrictions employed by the leaker processes.

    Memory leaks are serious and other processes have been known to leak memory.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,923
    Location:
    The Netherlands
    From what I understood, it's no longer enough for hackers to simply get remote code execution. They need to combine it with a second exploit that let's them escape the sandbox. This can be either a sandbox exploit in the browser or a Windows kernel exploit in the OS. For example, a tool like Sandboxie would most likely still contain the malware even if hackers used a sandbox exploit inside the browser.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.