Hello everyone, welcome to our talk, "The Hole in Sandbox: Escaping Modern Web-Based App Sandboxes from a Site Isolation Perspective". I am Bohan, and this is my partner Hab. We are both security researchers at Tencent Security Xuanwu Lab. I am mainly engaged in browser security and am also a Google Chrome bug hunter; he has been focused on Android security. So this is a talk combining browser security and Android security.

Let's start this talk with the background and knowledge part. As shown in the picture, Chrome is a multi-process browser. We can see that when a page is opened, each process has different work to do, and jointly they render the page. For example, the browser process controls the interactive parts visible to the user, such as the address bar and the back and forward buttons, and also invisible parts such as network requests and file access. The renderer process controls anything inside the tab where a website is displayed: any code related to the page is rendered here, including JavaScript, HTML, CSS and so on. As we can see, our code about the website is loaded in the renderer process, so if there is any bug here, an attacker can get all permissions of the renderer process. Therefore Chrome uses a sandbox to limit the renderer's functions, so attackers can't do much. The first main idea is "do not reinvent the wheel": the sandbox reuses the system's restrictions to grant low-power permissions to the renderer process. For example, integrity levels are used on Windows, seccomp-BPF on Linux, and SELinux on Android. This makes the sandbox meet the principle of least privilege, and the renderer process can only access limited resources and IPC or kernel interaction.

So what can a hacker do after getting renderer RCE? First, they can access the limited system calls, for example calling mprotect to unlock memory with any permissions, but they can't do really dangerous things like downloading files or creating processes. In this situation hackers may elevate their permissions with system bugs in the limited system calls. Second, they can send IPC calls with evil parameters; if there are any bugs in the browser process when handling IPC, the attacker will elevate their permissions by getting RCE in the browser process. The above are the popular ways to escape the sandbox at present. Of course, they all require another bug. Another capability is patching all code and data in the renderer process. There is a special sandbox escape case from Black Hat USA 2022: an attacker can call any native Node.js APIs by modifying some data related to them, and with these APIs the attacker can escape the sandbox of Electron applications.

What is the greatest capability of renderer RCE itself? Can it only be used as the precondition for sandbox escape? This is also the original intention of this talk: we hope to explore how to push the renderer RCE itself to its limits. According to the Chrome Vulnerability Reward Program rules, there are some other high-risk bugs between sandbox escape and renderer RCE. So can we increase the risk level of renderer RCE itself step by step and finally achieve sandbox escape? There are two ways to choose here. The first is GPU or network process RCE, which is a process with medium permissions, but those process RCEs also require a privilege escalation bug. So can we get universal cross-site scripting first?

So let's come to part two with this problem. I think everyone here may be very familiar with cross-site scripting, also known as XSS, but what is universal XSS? This is a simple picture to show the differences between them. When there is a bug in the server-side code of victim.com, the attacker tricks the user into loading a link containing evil parameters. After that, the XSS payload is injected into the page on the server side. When the page is loaded in the browser, any JavaScript code will be executed in victim.com and the attacker can steal the user's cookies. As for universal XSS, the bug is in the browser. When the universal XSS payload is loaded in the victim's browser, the attacker will use the bug to inject JavaScript code into victim.com. Even if the server side has no bug, the cookies can still be stolen. After analyzing the historical data, this type of vulnerability began to exist as early as 2006. From the figure below we can see that between 2010 and 2024, IE, Safari, Firefox and Chrome all had such vulnerabilities. In particular, 63 universal XSS bugs appeared in Chrome between 2014 and 2016. So universal XSS is a kind of high-risk vulnerability that has existed for a long time and affected many browsers.

So what stops us from injecting code from other domains? We can do a small experiment. We know that the DOM tree contains all the code of a page; we can visit it through the `document` object. First we create a new iframe and set it to a different domain from the parent page, such as x.xl.t.com. When trying to read and write the DOM tree from the parent page, we found it was blocked by the SOP of the browser. The same-origin policy, also known as SOP, is a critical security mechanism that restricts how a document can interact with a cross-origin resource. It checks whether the triples of the parent page and the child page are the same; the triples are the protocol, the host name and the port. In our case the domain of the iframe is different from the parent page, so the access is blocked. Now the question is how to bypass SOP. Here is a case that we learned from, telling us how to use a renderer RCE to bypass the SOP in Safari. It comes from a topic of BlueHat 2020. The attacker can use an iframe to load google.com in attacker.com and then exploit a renderer RCE bug in the parent page to inject arbitrary JavaScript code into google.com. There are three conditions of this attack path. The first is that the attacker's page and the victim's are in the same renderer process. The second is that the SOP check is in the renderer process rather than in the browser process. The third is that the domain structure used by this check is also in the renderer process, so an attacker can modify data in the renderer process to bypass SOP. Specifically, the attacker can write `m_universalAccess` of the domain to bypass the check on cross-domain data access, so the attacker can inject any JavaScript code into the iframe page. Of course, X-Frame-Options will block sites from being loaded in an iframe; however, this check is also in the renderer process, so an attacker can bypass this check again using the same method and make any site loadable in an iframe. So combining those two points, an attacker can implement universal XSS in Safari.

It sounds like good news, since Chrome and Safari used to share the same rendering engine, WebKit, so this attack method in Safari may affect Chrome as well. However, Chrome designed a series of universal XSS hardening measures to defend against them. First, Chrome introduced out-of-process iframes: it allows a child frame of a page to be rendered by a different process rather than its parent's process, so it kills condition one. Second, Chrome introduced PlzNavigate, which moves cross-origin security checks to the browser process, so it kills conditions two and three. What's more, Chrome introduced site isolation in 2018. It limits each renderer process to loading a single site. It is called the most promising countermeasure against universal XSS attacks. Site isolation seems to be a problem we have to face, so let's come to site isolation now.

Its principle is treating each website as a separate security principal requiring a dedicated renderer process. There are mainly five new features added in site isolation according to the paper. Among them, site principals and dedicated processes are concepts used to define the implementation method of site isolation, while cross-process navigation and out-of-process iframes are the scenarios in which site isolation is applied. In the out-of-process iframe scenario, when the parent page contains a cross-origin iframe, the page is loaded in a new process. In the cross-process navigation scenario, when the navigation target is cross-origin, it will be loaded in a new process too. Now we understand the principle of site isolation; let's take a look at its implementation. We can find it in the StartNavigation method. We know that a RenderFrameHost represents a renderer in the browser process, so during navigation the renderer in which the new page is loaded will be determined based on the associated RFH type, marked right here. It's determined by `use_current_rfh` in `GetFrameHostForNavigation`, and this determines whether the current SiteInstance is consistent with the destination SiteInstance. Finally we found that the generation process of the destination SiteInstance will try to reuse the original SiteInstance if possible; in that case the page will be loaded in the old RenderFrameHost, otherwise it will be loaded in a new one, which means a new process is created. The key to deciding whether to reuse a process is `ShouldUseDedicatedProcessForAllSites`. For example, when the strict site isolation mode is not met, the new page will be loaded in the original process by navigation. So what is strict mode? We can know it from the doc: strict mode is only for desktop platforms, so the process will be reused in partial mode, such as Chrome for Android, and this situation will also occur on all Android platforms, such as WebView. That is to say, we can reuse the same process after navigation on Android.

Now hackers have the ability to patch all code and data based on the renderer RCE, and the following page can be in the same process, attacker-controlled. The next step is to find a way to inject JavaScript code into another page. There are many points to choose from; from the perspective of a page running, I chose the JavaScript compilation phase. The JavaScript code is a stream at this time point, so what we need to do is find and modify it. I found the `CompileScriptInternal` method, the compilation function in Chrome. First it takes out the JavaScript code and generates a V8 stream object here, and then calls the compile method of ScriptCompiler. This is a good point to hook, so I hooked this point into an evil V8 stream. This looks like a Trojan horse: when certain conditions are met, the evil stream modifies the JavaScript code into our payload, like `alert("pwned")`; otherwise it compiles normally to avoid strange behaviors. So the whole attack process is like this: first, the victim opens the attacker's website, and then the attacker patches the code with the renderer RCE; it injects the Trojan horse into CompileScriptInternal and then navigates to the victim site by rewriting location.href. When compiling the JavaScript of the victim page, the Trojan horse is triggered and modifies the JavaScript into anything controlled by the attacker, causing the universal XSS.

OK, we have taken a step forward: we transferred the renderer RCE into a universal XSS. I made a demo on Chrome for Android 9. On this version we can inject any code into some important sites such as accounts.google.com. Let me play the video. OK, we can see "pwned" was shown on accounts.google.com. After I talked about this method with Guang Gong, he said it is similar to another bug he used at PwnFest 2016; this is quite a coincidence, so I also list his method here. After I submitted this issue to Google, however, Google said it "won't fix", since they can't do much until they enable strict site isolation on Android. But users are still safe, since from Chrome 92 Google uses heuristics to isolate the sites that need isolation most. This means we can't inject JavaScript code into sites like accounts.google.com after that. So what are the sites that need isolation most? According to the Google doc, it mainly protects private data related to the user login, such as sites that users log in to by entering a password, or sites using the industry-standard OAuth protocol. Given that, what other unprotected but equally dangerous sites are there? From the perspective of Android Chrome developers, just protecting those sites is enough, but there is a category of apps called web-based apps, implemented with browser components using Chrome. Usually a web-based app has more complex functions; could such an app survive this attack using similar protection? OK, this is another question, so let me give the remaining time to Hab; he will introduce how we escape the sandbox of web-based apps using this method.

OK, welcome Hab.

Hello, I'm Hab. I'm going to show you how we escaped the sandbox in real-world software. First let's analyze the web-based app from the site isolation perspective. Web-based apps use a WebView or other similar components like CEF to show web content; the components are all based on Chrome. Such powerful components may cause more problems than native applications. Sometimes developers not only want to display web content but also want to interact with their local resources; therefore, web components also come with a JavaScript interface, which can give JavaScript the ability to call native code. Some JavaScript interfaces actually implement very powerful functions, such as installing and opening applications. If we can call this interface, it's possible to achieve the effect of a sandbox escape. But developers also thought of this and limit the use of the privileged application interface to only websites they trust. The following is a code example, like this: before calling the privileged application interface there is a domain check. It seems very secure. Is it possible to break this security exception? With perfect site isolation, there is indeed no way to do that. However, after our research we found that due to the implementation of site isolation there are security issues in many web-based apps: many apps don't implement full site isolation, and we may use the universal XSS solution to call any privileged application interface to achieve the effect of a sandbox escape.

Now let's show how to escape modern web-based app sandboxes from the site isolation perspective. Here is some software we care about: for example, PC applications based on CEF, the default mobile browser, the application store, and so on. The first type is a PC application based on CEF. This is the web-based app architecture, with the following two features: first, privileged application interfaces mainly implement the common functions of the client; second, many deep links are registered in the privileged domain resolution. For developers, the most important thing is the running speed of the software, so there will be many optimizations, especially regarding the process of loading pages. A case is that the renderer process is created when the app opens and reused when the website is closed; it kills site isolation when only one tab is used. A hacker can get universal XSS in the privileged domain using a renderer bug and then find bugs in the privileged application interface. First we found two bugs in the crypto application interface: we used a Windows UNC path to control the input file as a remote file, and we could also get path traversal when writing files, so we could write any value to any file. And we found another interface that can start a process with a hard-coded name, chm; we got RCE. Here is the exploit demo video.

What we are going to introduce next is the mobile browser. The default browser on a mobile phone is pre-installed, so it is an attack entry point for Pwn2Own Mobile projects, which may imply one-click RCE. It's an attractive target for security researchers. Each brand of mobile phone will pre-install their custom browser; only Google Pixel phones carry Android Chrome. Mobile vendors' custom browsers are secondary developments based on Android Chrome, which potentially have the same site isolation problem, so we can achieve universal XSS on this target too. Then we need to find some useful JavaScript interfaces. Here is the case: there are some advertising functions in the target app which enable silent app install and open, and after analysis we found that such powerful functions are implemented by JavaScript interfaces, but the high-risk functions can only be called from the privileged domain. The following are the target interfaces. The first is `browser.openApp`: an app can be opened based on the app name string. Another is `browser.installApp`: an app can be installed based on the app name string, and a callback for the install can be set; we can use this callback to open the app after install. But this is not good enough. We found that all apps in the app store can be installed; that means we would need to upload a self-developed app with a backdoor to the app store, just like most of the Pwn2Own players in recent years. However, this method takes more time and carries the risk of being discovered by auditors, but we had to rush to participate in Tianfu Cup, and there are other ways to exploit. After analysis we found a possible solution: we should control the device through an app already in the app store, and the target app needs to be able to interact with us to achieve the effect of executing arbitrary commands. Then we found the following applications: a terminal application or a script language interpreter. We found that there is such an app that can execute the parameter passed by deep link as a command, like this. We get a reverse shell by downloading and running BusyBox as netcat, by starting the terminal with this deep link. In order to start the app with a deep link, we need a more powerful privileged application interface, and we found an interface like this: `browser.startActivity` with a deep link. Compared with the interface openApp, this method can pass parameters and is more flexible. We can use it to launch the terminal app and transfer data to the reverse shell. Let's watch what we did.

Finally, a case about a web-based Android app. Most Android web-based apps use WebView and can be launched from the browser, but there are also some differences: the browser can load the content of any website, but web-based apps can generally display only some vendor-related content; when the app receives some untrusted content it may even jump out to the browser to open it. The case is the default app store of a mobile phone. The target app is a built-in app store application similar to the Google Play application: apps can be installed and opened silently from the target app, and the target app can be launched from the browser, which means it is browsable. In summary, the target application is a good target for Pwn2Own or Tianfu Cup. Let's look at the first activity we found. It is exported and registered for rich deep links; it handles the intent and distributes it to different web-based activities. The code is like this: activity one divides links into the following three types. An untrusted website will jump to the browser to open it; a related site will open an activity with a WebView with no privileged application interface; and finally a website related to app store business will open an activity with a WebView with a privileged application interface. And then activity two, here: it is an activity with a WebView with a privileged application interface, but there is no way to load an untrusted domain. The code is like this. Then we analyzed the useful privileged application interfaces: one is `market.openApp`, apps can be opened based on the app name string; another is `market.installApp`, apps can be installed based on the app name string, and a callback for the install can be set; we can use this callback to open the app after install. But we didn't find a way to load our own website in activity two; we have to find a way to load our HTML first. After some research we found the target, activity three. This is an activity with a WebView with no privileged application interface, but a vulnerability can inject arbitrary page content, like this. What we have now: first, activity one receives the intent sent by the browser and starts activity one or activity two; activity two has the privileged application interface to open and install apps; and activity three can load arbitrary websites. Is it possible to attack the WebView in activity two through the WebView in activity three? After our test, WebViews between different apps have complete site isolation, but there is only one web renderer process in the same app; that means there is no site isolation between different WebViews in an app. So we complete the attack: that is, browser to activity one, then to activity two, then return to activity one, finally jump to activity three, and a sandbox escape. Let's watch our video.

That's all the demos. There are some suggestions for app developers: first, make site isolation configurable to protect the privileged domain; then perform the same-origin judgment first and then decide whether to reuse the process; restrict privileges on the JavaScript interface to prevent excessive privilege; use native code whenever possible to implement high-risk operations; and finally, fix supply-chain vulnerabilities introduced by Chrome in a timely manner. And there is an acknowledgement: I would like to express our gratitude to the following people who have been helpful to this topic. Thank you for listening. [Applause]
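The talk's core argument is that the same-origin triple (scheme, host, port) decides what a page may touch, while the process-reuse decision in site isolation decides whether a cross-site page even shares a renderer, and that in "partial" mode (Android Chrome, WebView) a non-isolated site is reused in the attacker's process. The following is an added example written for this page, not the speakers' code and not Chromium's implementation: a simplified Python model of the origin check, the "site" computation (scheme plus eTLD+1) and a strict-versus-partial process-reuse decision. The public-suffix subset, the mode names and the `isolated_sites` set are constructed assumptions; real Chrome uses the full Public Suffix List and its own heuristics.

```python
"""Simplified model of SOP origins and site-isolation process reuse.

Added illustration for the talk above; not Chromium code. Assumptions:
a tiny hand-written public-suffix list, two modes ("strict" for desktop,
"partial" for Android) and an explicit set of heuristically isolated sites.
"""
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for the demo inputs.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the SOP triple (scheme, host, port) the talk describes."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(url_a, url_b):
    """Same-origin policy: all three components must match exactly."""
    return origin(url_a) == origin(url_b)


def site(url):
    """Site principal used by site isolation: scheme + eTLD+1 (no port)."""
    scheme, host, _ = origin(url)
    labels = host.split(".")
    suffix_len = 1  # fall back to the last label when no known suffix matches
    for n in range(len(labels), 0, -1):  # longest matching public suffix wins
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            suffix_len = n
            break
    etld_plus_one = ".".join(labels[-(suffix_len + 1):])
    return f"{scheme}://{etld_plus_one}"


def needs_new_process(current_url, dest_url, mode, isolated_sites=frozenset()):
    """Decide whether navigating current_url -> dest_url gets a fresh renderer.

    Modelled (assumption, not Chrome's logic) as:
      strict  - every cross-site navigation gets a dedicated process
      partial - reuse the process unless the source or destination site is in
                the heuristically isolated set (the accounts.google.com case)
    """
    if mode not in ("strict", "partial"):
        raise ValueError(f"unknown mode {mode!r}")
    if site(current_url) == site(dest_url):
        return False  # same site: always the same process
    if mode == "strict":
        return True
    return site(current_url) in isolated_sites or site(dest_url) in isolated_sites


def simulate(urls, mode, isolated_sites=frozenset()):
    """Walk a navigation chain and report which renderer id each URL lands in."""
    process = 0
    placement = [(urls[0], process)]
    for prev, nxt in zip(urls, urls[1:]):
        if needs_new_process(prev, nxt, mode, isolated_sites):
            process += 1
        placement.append((nxt, process))
    return placement


if __name__ == "__main__":
    # Constructed navigation chain: attacker-controlled page, then a victim site.
    chain = ["https://attacker.example/", "https://victim.com/"]
    isolated = {"https://google.com"}  # assumed heuristically isolated site
    print("SOP:", same_origin("https://victim.com/", "https://x.victim.com/"))
    print("strict :", simulate(chain, "strict"))
    print("partial:", simulate(chain, "partial"))
    print("partial, isolated target:",
          simulate(["https://attacker.example/", "https://accounts.google.com/"],
                   "partial", isolated))
```

In partial mode the attacker page and victim.com land in the same renderer id, which is the precondition the talk exploits; the same chain in strict mode, or with the destination in the isolated set, yields a new renderer. The defender-side reading of the closing advice ("perform the same-origin judgment first, then decide whether to reuse the process") is that an embedding app wanting protection for its privileged domain should place that domain in the isolated set or run the strict policy.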