Chrome hit by a serious vulnerability that allows a sandbox escape through just one web page

Published: 2025-07-26 (infosec.new88088.net)

A serious security vulnerability has just been discovered in Google Chrome, stemming from improper input validation in Chromium's graphics components, specifically ANGLE and the GPU process. The flaw allows an attacker to bypass the browser's sandbox, opening a path to deeper access into the victim's system.

The vulnerability is classified under CWE-20, Improper Input Validation. An attacker only needs to lure the victim into visiting a specially crafted HTML page to trigger the exploit. Nothing has to be downloaded or installed; a single click on a malicious web page is enough to break the sandbox protection layer, letting the risk spread quickly.

As a sandbox escape, the issue is especially serious because the sandbox is the main line of defense keeping malicious code from the web away from system resources. The danger is greater because the weakness sits in ANGLE, the component responsible for translating graphics commands from OpenGL ES to native APIs such as Direct3D or Vulkan. This is an area that typically requires elevated privileges and can interact directly with hardware, making exploitation far more dangerous.

Technically, the vulnerability can be exploited through malicious shaders or buffers in WebGL content, leaking data or executing code outside the sandbox. When ANGLE fails to handle input values correctly, an attacker can overwrite memory and execute code at the graphics-driver level. Combined with a separate privilege-escalation flaw, the sandbox escape could allow an attacker to take full control of the system.

Beyond Chrome, the vulnerability threatens the entire ecosystem of Chromium-based browsers, including Microsoft Edge, Opera and many other popular browsers. Because they share a common core, a single flaw can affect millions of users across many devices and brands.

CISA and other cybersecurity agencies have issued an urgent alert, recommending that users and organizations update their browsers as soon as possible and apply the mitigations provided by the vendor. Where a system cannot be secured safely, organizations are advised to suspend use of the affected browser until an official patch is available.

The vulnerability was officially recorded on 22/07/2025, with a remediation deadline of 01/08. This timeline reflects the urgency and level of risk assessed by security experts. Although there is no sign yet of exploitation in ransomware campaigns, the ability to escape the sandbox makes the flaw an attractive target for cybercriminals. Users should proactively update their browsers and closely follow advisories from the developers.

Source: Cyber Press

Source: https://whitehat.vn/threads/chrome-dinh-lo-hong-nghiem-trong-cho-phep-vuot-sandbox-chi-qua-mot-trang-web.18604/