A privilege escalation from Chrome extensions (2023) (opens in new tab)

(0x44.xyz)

66 pointsderyilz10mo ago10 comments

10 comments

This is worth more than 10k imo. But I guess since you have to have an extension installed maybe that's why?

Agree.

The only permission the extension needed was “downloads, which normally only allows an extension to download and search for user files, not read or write to them”

That’s not an unusual permission for an attractive but safe sounding extension, for example an extension to download all images from a page

$100k at least?

The value of this to bad guys could be up to millions

SchemaLoad10mo ago

Well the author decided to sell the bug to Google rather than to criminals so I guess it was deemed a good value. By selling it to Google you get to write a nice blog post you can show to future employers and you don't have to involve yourself in crime. So the payout needed is a lot less than what hackers might be offering.

DaSHacka10mo ago

I have to wonder how many people mix-and-match.

Like, does a 6th or 7th blog post really matter, versus getting a large payout?

No rule that says you can't do both, or only disclose+publish the more 'impressive' of your exploits.

rvz10mo ago

> For example, Google awarded $10,000 to a bug report which showed that extensions could read local files by screenshotting them. But there are more dangerous things than file reads.

I think this researcher got scammed without knowing it.

Google paid $10k for this bug despite billions of users using Chrome and there are plenty of brokers that will pay much more than that. (e.g. Zerodium)

They should have sold it as a 0day on the black market for more that $250k.

deryilzOP10mo ago

Keep in mind it's a ChromeOS only bug. They regularly get less money, because not that many people use ChromeOS.

postalrat10mo ago

Don't a lot of schools use chromebooks?

1 more reply

tim199410mo ago

Interesting read for sure! This is about ChromeOS though, Chrome on other platforms was not affected.

rxliuli10mo ago

Your journey of discovery is really cool.

j / k navigate · click thread line to collapse