はてなブックマーク

Posted Jun 2, 2021 2021-06-02T07:00:00-07:00 by Abdulrahman Alqabandi IntroductionWhen it comes to an application’s user interface (UI), one may care for the aesthetics, design consistency, simplicity, and clarity to ensure a good UI. However, an application like a browser where untrusted content is loaded, parsed, and given APIs to invoke all sorts of UIs then a new layer of concern appears: Desi

Posted Mar 26, 2021 2021-03-26T09:30:00-07:00 by Jun Kokatsu After the research on Site Isolation, it became clear that the most common problem with extensions is calling chrome.tabs.create with a URL received from a content script message. While such a bug can be used to steal local files, it can also open up an interesting attack surface, which is the navigation to WebUI. In this blog post, we w

Posted Dec 28, 2020 2020-12-28T09:25:00-08:00 by Jun Kokatsu In the previous blog post, I explained how Site Isolation and related security features help mitigate attacks such as UXSS and Spectre. However, security bugs in a renderer process are really common, and therefore Chromium’s threat model assumes that a renderer process can be compromised and it can’t be trusted. To align with this threat

Posted Nov 10, 2020 2020-11-10T10:00:00-08:00 by Jun Kokatsu Back in 2018, Chrome enabled Site Isolation by default, which mitigates attacks such as UXSS and Spectre. At the time, I was actively participating in the Chrome Vulnerability Reward Program, and I was able to find 10+ bugs in Site Isolation, resulting in $32k rewards. In this blog post series, I will explain how Site Isolation and relat

Posted Oct 15, 2020 2020-10-15T15:30:00-07:00 by Johnathan Norman Security is a top priority for Edge and deciding to build a new browser gave us the opportunity to take the lessons learned over many years and rethink our approach to securing the new Microsoft Browser. We knew that securing the browser is about more than just adding new features; it requires a coordinated combination of rapid resp