Author Topic: Sandbox Vulnerability (Read 1727 times)

id4publik · « **on:** April 27, 2020, 05:24:39 AM »

As as publicly reported at Forbes.com there is a severe problem with Chrome and sandbox functionality .
So....what is Avast doing?
"Secure" Browser is based on Chrome and presumably has the vulnerability
What can we users of your browser expect and when?

DavidR · « **Reply #1 on:** April 27, 2020, 10:51:33 AM »

Presumably we're talking about the same thing in the link given by Asyn in the quoted text below.

Quote from: Asyn on April 27, 2020, 06:44:37 AM

You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

Since this is ultimately an OS vulnerability it would have to be fixed by MS, but in the meantime Google has had to step in.

ASB is based on Chromium not Chrome, so I don't know if they (Avast) would implement the same change or if Google would also be updating the Chromium code and Avast use that chromium base version.

EDIT: From reading this article it would appear MS has implemented a fix:

Quote from: Extract from article

This vulnerability was fixed in April 2020 as CVE-2020-0981.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981

Author Topic: Sandbox Vulnerability (Read 1727 times)

id4publik

Sandbox Vulnerability

DavidR

Re: Sandbox Vulnerability