CyberSecurityBoard
Sponsor Register Login

Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox - Technical Details Disclosed

A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving attackers access to the underlying operating system. This vulnerability represents a significant security breach in Chrome’s defense mechanisms, as the sandbox is specifically designed to isolate potentially harmful web content from accessing sensitive system resources. The vulnerability stems from a memory corruption issue in Chrome’s V8 JavaScript engine, enabling attackers to execute arbitrary code within the sandboxed environment. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. SecureLayer7 analysts identified the vulnerability during routine security audits, noting that the exploit chain requires minimal user interaction beyond visiting a malicious webpage. This vulnerability is particularly concerning because it bypasses Chrome’s multi-layered security architecture, which typically prevents web-based attacks from affecting the host system. Their analysis revealed that successful exploitation could lead to complete system compromise, with attackers gaining the ability to install malware, access sensitive data, and establish persistence on affected systems. This code creates a type confusion scenario where the JavaScript engine incorrectly handles object types, allowing attackers to manipulate memory and execute arbitrary code. By exploiting this initial weakness, attackers could then leverage a second flaw in the Inter-Process Communication (IPC) mechanism to escalate privileges and escape the sandbox entirely. Google has assigned a “High” severity rating to the issue, acknowledging its potential for widespread impact given Chrome’s dominant market share of approximately 65% of global browser usage. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The second stage of the attack exploits a flaw in Chrome’s IPC message handling to escape the sandbox restriction. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 29 Apr 2025 13:40:10 +0000


Cyber News related to Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox - Technical Details Disclosed

What is a Sandbox? Definition from SearchSecurity - A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Using a sandbox to detect malware offers an additional layer of protection against ...
1 year ago Techtarget.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox - Technical Details Disclosed - A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving attackers access to the underlying operating system. This ...
4 hours ago Cybersecuritynews.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com
Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
1 year ago Bleepingcomputer.com
Mozilla warns Windows users of critical Firefox sandbox escape flaw - In October, Mozilla also patched a zero-day vulnerability (CVE-2024-9680) in Firefox's animation timeline feature exploited by the Russian-based RomCom cybercrime group that let the attackers gain code execution in the web browser's sandbox. ...
1 month ago Bleepingcomputer.com CVE-2024-9680
Google Adds V8 Sandbox To Chrome To Fight Against Browser Attacks - A Sandbox is a protective medium that blocks the entire system from any application accessing vulnerable resources. Restrictive environments for web content in browsers called sandboxes reduce the impact that can be caused by browser-based attacks ...
1 year ago Gbhackers.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
1 year ago Cysecurity.news
MirrorFace APT Hackers Exploited Windows Sandbox & Visual Studio Code Using Custom Malware - The campaign, attributed to a threat actor known as “MirrorFace,” a subgroup operating under the APT10 umbrella, exploited Windows Sandbox and Visual Studio Code to execute malicious activities while evading detection from security tools ...
1 month ago Cybersecuritynews.com APT1
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
1 year ago Bleepingcomputer.com Hunters
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
1 year ago Bleepingcomputer.com
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
10 months ago Security.googleblog.com
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
2 years ago Hackread.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
1 year ago Bleepingcomputer.com
Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
1 year ago Bleepingcomputer.com
5 Best Ways a Malware Sandbox Can Help Your Company - Malware sandboxes are indispensable for threat analysis, but many of their capabilities are often overlooked. Malware sandboxes equipped with advanced AI capabilities can significantly enhance the training and productivity of junior security staff. ...
1 year ago Cybersecuritynews.com
Alert: New Chrome Zero-Day Vulnerability Being Exploited - Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It's worth noting that the vulnerability ...
1 year ago Securityboulevard.com CVE-2023-7024 CVE-2023-2033 CVE-2023-2136 CVE-2023-3079 CVE-2023-4762 CVE-2023-6345
Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild - “The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even ...
1 month ago Cybersecuritynews.com CVE-2025-2783
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
11 months ago Bleepingcomputer.com
5 Must-Have Tools for Effective Dynamic Malware Analysis - After launching the executable file found inside the archive, the sandbox instantly detects that the system has been infected with AsyncRAT, a popular malware family used by attackers to remotely control victims' machines and steal sensitive data. ...
6 months ago Thehackernews.com
Google discloses 2 zero-day vulnerabilities in less than a week - Google patched another Chrome zero-day vulnerability on Monday, the second one in the span of four days. In a blog post on Monday, Daniel Yip, technical program manager at Google, disclosed a high-severity out-of-bounds write vulnerability tracked as ...
11 months ago Techtarget.com CVE-2024-4761 CVE-2024-4671
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
1 year ago Bleepingcomputer.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
1 year ago Arstechnica.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)