Why Sandboxes Will Never Be As Secure As Remote Browser Isolation

A few months back, Google released details about a Google Chrome vulnerability being exploited in the wild. While the details about the Chrome vulnerability were informative, what I personally found interesting was the details about a second vulnerability in Microsoft Windows that was being exploited in tandem with this vulnerability.

As you may know, Google Chrome uses a security sandbox around the Chrome renderer processes as a way to mitigate any exploit in the browser. The thought is that if/when the Chrome browser gets exploited, the security sandbox can stop the exploit code from causing any damage to the host system.

According to this particular security release, a use-after-free bug in Chrome was being used to exploit the Chrome browser. The attack then used the second bug, in Microsoft Windows, to escape the sandbox.

This highlights one of the main weaknesses of sandbox technology in general. In one approach, an attacker can try to escape a sandbox by finding a flaw in the sandbox itself. If a sandbox is really well designed (as the Chrome sandbox is), this can be a daunting task. But, due to how sandboxes work, attackers could always just exploit the host operating system kernel instead, like they did in this particular attack. This is oftentimes an easier way to escape a sandbox, since the attackers can leverage the much larger attack surface of the OS kernel.

Remote Browser Isolation, as used in Light Point Web, takes the concept of a security sandbox to the next level. Instead of using the operating system to try to isolate a risky browser process, we move the browsing process off of the system entirely. This makes it impossible for exploit code to even attempt to attack the user’s local operating system. Attacks like the one discussed here are completely mitigated when using Light Point Web, even if you are using a vulnerable version of Chrome and/or Windows.
