undefined | Better HN

0 pointsmmis10001y ago0 comments

Both chrome and firefox lock down the javascript that site is running into their own box. By using a standalone process and whatever mechanism system provided. A pwned site alone isn't enough to cause damage. You also need to overcome other layer of defenses (unlike something like flash that can be owned from it's script engine alone)

It usually require multi 0 day to overcome all those defense and do anything useful. (And it is also the highest glory in defcon)

The browser is surely frequently attacked due to the high rewards. But it also get patched really fast. (As long as you are not using a browser from 10 years ago).

0 comments

tightbookkeeper1y ago

Flash/applets could have been isolated in a process too, right?

nox1011y ago

yes but no, because they needed access to the OS for various services, all of which would have had to be isolated from the user code. Sun and Adobe woiod never have done this. Chrome did it, Safari and Firefox followed. WASM runs in that environment. Flash/applets ran outside of that environment. they did that precisely to provide services the broswer didn't back then.

01HNNWZ0MV43FF1y ago

Chrome did put a sandbox around Flash, didn't they? I thought the bigger reasons it died out was that it didn't integrate with DOM and Apple hated it

j / k navigate · click thread line to collapse