Conversation

In Oct 2020, we discovered seven 0-day exploits in-the-wild from two exploit servers. The exploit chains targeted Android, Windows, and iOS devices. Each step we take towards making 0-day hard, makes all of us safer. googleprojectzero.blogspot.com/2021/03/in-wil

182

550

Replying to

and

Thanks for sharing, awesome work! The exploit table really shows how effective the Android/Linux sandboxing model is for chrome. Other platforms seem to go renderer->kernel, but the tight seccomp policy on Linux makes that jump extremely tough.

Replying to

and

By the way, the Layer-1 Chromium sandbox on Android is available to every other app via isolatedProcess="true" on service processes. It's massively underused. It would be nice if it gave you an easy way to set up a comparable seccomp-bpf filter too. It's tricky to do yourself.

10:15 PM · Mar 18, 2021Twitter Web App

Replying to

and

Setting up seccomp filters is extremely tough, especially on an active code base. Requires a lot of maintenance if you want to be strict. Even if the code base is static, updating libraries/dependencies means updating the policy. Edge case violations are really hard to find.

Replying to

and

It's particularly hard to do it in a way that's portable across a bunch of OS variants without the OS helping you do it. It's really hard for an app or library to do it. It's ideally provided by the OS. Android does use seccomp-bpf for app sandboxes but not strict/fine-grained.

Show replies