zlacker

[parent] [thread] 7 comments
1. EvanAn+(OP)[view] [source] 2023-05-24 17:45:58
Untrusted code running in a well-defined and maintained sandbox.
replies(2): >>pauldd+5i1 >>hardwa+3O1
2. pauldd+5i1[view] [source] 2023-05-25 02:54:16
>>EvanAn+(OP)
Yes and....
replies(1): >>EvanAn+uJ2
3. hardwa+3O1[view] [source] 2023-05-25 09:18:02
>>EvanAn+(OP)
Still stuff manages to escape constantly

You can find exploits on gh for older chromium versions easily

replies(1): >>EvanAn+9J2
◧◩
4. EvanAn+9J2[view] [source] [discussion] 2023-05-25 15:36:52
>>hardwa+3O1
Even so it's disingenuous to compare running native code in an OS w/o a capabilities model to running Javascript in a browser.
◧◩
5. EvanAn+uJ2[view] [source] [discussion] 2023-05-25 15:38:24
>>pauldd+5i1
Visiting a website and running Javascript vs. running a native application aren't equivalent. Browser sandbox exploits are "a thing" but that doesn't make the situations the same.
replies(1): >>pauldd+j33
◧◩◪
6. pauldd+j33[view] [source] [discussion] 2023-05-25 17:13:17
>>EvanAn+uJ2
Yes and WASM can be sandboxed just as easily as JavaScript.

There is nothing "magical" about web browsers in that regard.

replies(1): >>EvanAn+kb3
◧◩◪◨
7. EvanAn+kb3[view] [source] [discussion] 2023-05-25 17:54:09
>>pauldd+j33
I don’t follow where you’re going.

I didn’t say there was anything “magical” about browsers. They have a sandbox for JavaScript, by default. Windows doesn’t have a sandbox for native apps, by default.

A parent poster seemed to be making a statement of equivalency between running a native application in Windows and running JavaScript in a browser. I don’t think they’re equivalent.

That’s what I’m saying.

replies(1): >>iknows+g54
◧◩◪◨⬒
8. iknows+g54[view] [source] [discussion] 2023-05-25 22:40:15
>>EvanAn+kb3
We are literally talking about an environment for running Win32 apps in a sandbox
[go to top]