Isolation vs mitigation is a false choice. You want both. Edge and Chrome are good exemplars heading down this path in different ways.
-
Attack surface reduction & well-designed isolation.
-
I thought you'd say: compiler-based anti-exploitation measures. To which I had a ready counterpoint (1/)
@RichFelker@dotMudge -
..that these are unable to protect against malicious/compromised app vendors. But you ruined my plan ;)
@RichFelker@dotMudge -
Compiler mitigations and memory safe languages are part of securing the sandbox impl too.
-
Isolation also doesn't help when the data the attacker wants is already inside the sandbox.
-
https://www.chromium.org/developers/design-documents/site-isolation … is a property people expect the *existing* Chromium sandbox to have.
-
Even with site isolation and no sandbox bypass there can be plenty of useful data within it.
-
Like user-uploaded content on Google being used to exploit and then grab Google credentials.