35C3 – Attacking Chrome IPC

Channel: media.ccc.de | Published: 2018-12-29 22:54:42
https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc

Reliably finding bugs to escape the Chrome sandbox

In this talk, I'll discuss how to reliably find bugs in the Chrome IPC system to escape the sandbox. I'll show how to enumerate the attack surface, how to identify the vulnerabilities, and how to efficiently fuzz these areas to consistently produce bugs.

Since the Win32k lockdown of the Chrome renderer process, full Chrome exploits on Windows have become very rare. The last successful competitive exploit occurred in 2015.

By applying new fuzzing strategies, I was able to identify many vulnerabilities in the sandbox over the past year. I used one of them in combination with a teammate's RCE bug to demonstrate a full-chain exploit at Hack2Win this year.

In this talk, I want to show how I found these bugs by using extremely targeted fuzzing. It was easy to set up, but reliably produced great results. I also want to briefly touch on how we used one use-after-free bug to escape the sandbox completely.

https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9579.html