Author Topic: Sandbox Vulnerability  (Read 673 times)

0 Members and 1 Guest are viewing this topic.

Offline id4publik

  • Newbie
  • *
  • Posts: 1
Sandbox Vulnerability
« on: April 27, 2020, 05:24:39 AM »
As as publicly reported at Forbes.com there is a severe problem with Chrome and sandbox functionality .
So....what is Avast doing?
"Secure" Browser is based on Chrome and presumably has the vulnerability
What can we users of your browser expect and when?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 83920
  • No support PMs thanks
Re: Sandbox Vulnerability
« Reply #1 on: April 27, 2020, 10:51:33 AM »
Presumably we're talking about the same thing in the link given by Asyn in the quoted text below.

You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

Since this is ultimately an OS vulnerability it would have to be fixed by MS, but in the meantime Google has had to step in.

ASB is based on Chromium not Chrome, so I don't know if they (Avast) would implement the same change or if Google would also be updating the Chromium code and Avast use that chromium base version.

EDIT: From reading this article it would appear MS has implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
« Last Edit: April 27, 2020, 11:05:00 AM by DavidR »
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.8.2432 (build 20.8.5684.602) UI-1.0.564/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security