Forwarded from BlackBox (Security) Archiv
Google Just Gave Millions Of Users A Reason To Quit Chrome, Windows 10
Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. That said, there have also been some recent controversial changes, security problems and data concerns and now Google has detailed a serious new problem in Chrome which cannot be fixed. The result is users may find themselves forced to choose between Windows 10 and Chrome.
Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave and Microsoft and will update when I have more information.
In a fascinating post titled “You Won't Believe what this One Line Change Did to the Chrome Sandbox”, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
Read more:
https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/
#exploit #windows #chrome #firefox #browser #sandbox
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
What is a Browser Security Sandbox? (Learn to Hack Firefox)
https://www.youtube.com/watch?v=StQ_6juJlZY
#sandbox #ff #firefox
Google announces Privacy #Sandbox on Android to balance ads in apps with better user data protections
https://9to5google.com/2022/02/16/android-privacy-sandbox/
9to5Google
As work on the web version continues, Google announced today that it's bringing Privacy Sandbox to Android. This is a multi-year effort...
Sandboxed Google Play #gapps
#GrapheneOS has a compatibility layer providing the option to install and use the official releases of #Google #Playstore in the standard app #sandbox. Google Play receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access. Instead, the compatibility layer teaches it how to work within the full app sandbox. It also isn't used as a backend for the OS services as it would be elsewhere since GrapheneOS doesn't use Google Play even when it's installed.
Since the Google Play apps are simply regular apps on GrapheneOS, you install them within a specific user or work profile and they're only available within that profile. Only apps within the same profile can use it and they need to explicitly choose to use it. It works the same way as any other app and has no special capabilities. As with any other app, it can't access data of other apps and requires explicit user consent to gain access to profile data or the standard permissions. Apps within the same profile can communicate with mutual consent and it's no different for sandboxed Google Play.
Sandboxed Google Play is close to being fully functional and provides near complete compatibility with the app ecosystem depending on Google Play. Only a small subset of privileged functionality which we haven't yet ported to different approaches with our compatibility layer is unavailable. Some functionality is inherently privileged and can't be provided as part of the compatibility layer.
The vast majority of Play services functionality works perfectly including dynamically downloaded / updated modules (dynamite modules) and functionality provided by modular app components such as Google Play Games. By default, location requests are rerouted to a reimplementation of the Play geolocation service provided by GrapheneOS. You can disable rerouting and use the standard Play services geolocation service instead if you want the Google network location service and related features.
Our compatibility layer includes full support for the Play Store. Play Store services are fully available including in-app purchases, Play Asset Delivery, Play Feature Delivery and app / content license checks. It can install, update and uninstall apps with the standard approach requiring that the user authorizes it as an app source and consents to each action. It will use the standard Android 12+ unattended update feature to do automatic updates for apps where it was the last installer.
https://grapheneos.org/usage#sandboxed-google-play
https://youtu.be/SZ0PKtiXTSs
GrapheneOS
GrapheneOS usage guide
Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.