Avast WEBforum

Consumer Products => Avast Secure Browser => Avast Secure Browser for Windows => Topic started by: id4publik on April 27, 2020, 05:24:39 AM

Title: Sandbox Vulnerability
Post by: id4publik on April 27, 2020, 05:24:39 AM
As as publicly reported at Forbes.com there is a severe problem with Chrome and sandbox functionality .
So....what is Avast doing?
"Secure" Browser is based on Chrome and presumably has the vulnerability
What can we users of your browser expect and when?
Title: Re: Sandbox Vulnerability
Post by: DavidR on April 27, 2020, 10:51:33 AM
Presumably we're talking about the same thing in the link given by Asyn in the quoted text below.

You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

Since this is ultimately an OS vulnerability it would have to be fixed by MS, but in the meantime Google has had to step in.

ASB is based on Chromium not Chrome, so I don't know if they (Avast) would implement the same change or if Google would also be updating the Chromium code and Avast use that chromium base version.

EDIT: From reading this article it would appear MS has implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981)