Google Paid $25,633.70 for a Critical Chrome Bug

Rishi

Dec 3, 2015
Google fixes bug for SOP and sandbox mode escape

Google has released version 48.0.2564.116 of its Chrome browser to address a critical issue regarding the browser's SOP (Same-Origin Policy).

The Google Chrome Security team was alerted to the presence of this issue by a user that wanted to remain anonymous, and who submitted the vulnerability report through the company's bug bounty program.

For his effort, the security researcher was awarded $25,633.70 (€23090.3). The vulnerability (s)he discovered will be tracked via the CVE-2016-1629 identifier, rated as critical.

According to Google's short description, this issue is a Same-Origin Policy bypass in Chromium's Blink rendering engine, and a sandbox mode escape for Google Chrome.

"Bug would have been worth about the same on the black market"

Other details have been suppressed from the public, and will be available in a few days after the bulk of Google Chrome users have updated to the most recent version.

For all browsers, not just Chrome, SOP is a crucial security feature which prevents scripts hosted on a different domain from being executed inside the current homepage, unless specifically specified. A similar issue was fixed exactly a week ago in Firefox when the Mozilla Foundation released version 44.0.2.

A browser sandbox mode refers to a browser's security mechanism that executes suspicious code inside separate processes with limited access to resources as a way to prevent malicious code from trickling down to the underlying browser parent process or the operating system itself. An escape from sandbox mode refers to malicious code that finds a way to run outside this limited process.

On underground hacking forums, and for exploit vendors, SOP and sandbox escapes are very sought after, being traded for thousands or tens of thousands of dollars, especially if they are zero-days (vulnerabilities unfixed/unknown to the app's manufacturer). Google's payout in this case reflects the bug's true value.
