Conversation

In Oct 2020, we discovered seven 0-day exploits in-the-wild from two exploit servers. The exploit chains targeted Android, Windows, and iOS devices. Each step we take towards making 0-day hard, makes all of us safer. googleprojectzero.blogspot.com/2021/03/in-wil

182

550

Replying to

and

Thanks for sharing, awesome work! The exploit table really shows how effective the Android/Linux sandboxing model is for chrome. Other platforms seem to go renderer->kernel, but the tight seccomp policy on Linux makes that jump extremely tough.

Replying to

and

By the way, the Layer-1 Chromium sandbox on Android is available to every other app via isolatedProcess="true" on service processes. It's massively underused. It would be nice if it gave you an easy way to set up a comparable seccomp-bpf filter too. It's tricky to do yourself.

Replying to

and

Setting up seccomp filters is extremely tough, especially on an active code base. Requires a lot of maintenance if you want to be strict. Even if the code base is static, updating libraries/dependencies means updating the policy. Edge case violations are really hard to find.

Replying to

and

It's particularly hard to do it in a way that's portable across a bunch of OS variants without the OS helping you do it. It's really hard for an app or library to do it. It's ideally provided by the OS. Android does use seccomp-bpf for app sandboxes but not strict/fine-grained.

1:43 AM · Mar 22, 2021Twitter Web App

Replying to

It could use a much better filter than it currently does for a newer revision of isolatedProcess. Lack of isolatedProcess adoption probably leads to them not attempting to bring benefits of Chromium's seccomp-bpf filter to other apps. Unfortunate that few apps/libraries care.

Replying to

It's designed in a way that's it's usable by a library, not just an application. So, for example, Signal should really be using it for WebRTC, which is obviously sandboxed in Chromium... but not Signal. Would be really widely used if more developers cared about security.