Below my post about Chrome's sandbox I engaged in a discussion with AlienRancher regarding the function hooking (or 'interception' as Google calls it) really being a security mechanism. I must confess that I really thought it was, and I even liked the idea. But in fact it came out that function hooking is for compatibility purposes only. If a plugin has trouble running in a restricted environment due to problems with limited access to some keys/files, the hooking mechanism can transfer the calls to the browser, and they will be done with browser privileges (of course if a certain rule allows it).
It means that my hook taking off PoC was still OK, but not really needed for anything ;>
Sorry for misinterpreting the whole hooking mechanism then ;>
Sections
- lang:
| 
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- Weird PCI-e connector actually works,
- A clever Python challenge – find flag,
- Debug Log: The mystery of usb 3-11 device,
- Hello World under the microscope,
- Crow HTTP framework use-after-free,
- Crowbleed (Crow HTTP framework vulnerability),
- Treebox - Python AST sandbox challenge from Google CTF 2022,
- An informal review of CTF abuse,
- Debug Log: Why is my M.2 SSD so slow?,
- Screams of Power vulnerabilities (Powertek-based PDUs),
- → see all posts on main page
Add a comment: