The author shows how chaining messaging APIs lets extension vulnerabilities be exploited for “universal code execution”: breaking the Same Origin Policy and escaping the browser sandbox. Two new vulnerabilities affecting millions of users are disclosed, together with an explanation of how large datasets and static code analysis can surface such bugs. The content highlights how browser extension APIs and native messaging protocols can execute code beyond the scope of a single origin. The author warns that content scripts which do not validate message origins let a malicious page access cookies from whitelisted domains, and demonstrates that native messaging can escalate this to complete code execution. The paper concludes by emphasizing the importance of securing browser extensions to prevent universal code execution.
https://spaceraccoon.dev/universal-code-execution-browser-extensions/
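The origin-validation point above is easiest to see side by side. The following is an added example, not code from the linked article or from any extension it describes: a content-script message handler in the unsafe shape (any `window.postMessage` on the page is trusted) next to a hardened version that checks `event.origin` against an explicit allowlist, requires the posting window to be the one the script runs in, and derives the cookie domain from the validated origin instead of a caller-chosen value. The origins, window objects and message shapes are constructed for the demonstration; the `forward` callback stands in for `chrome.runtime.sendMessage`.

```javascript
// Added example: content-script message handling, unsafe vs. hardened.
// Constructed allowlist of page origins this extension is meant to serve.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://partner.example.org",
]);

// Unsafe pattern: trusts every message posted into the page and forwards a
// caller-controlled domain to the privileged background context. Any script
// in the page, including a third-party iframe, can trigger it.
function handleMessageUnsafe(event, forward) {
  const msg = event.data;
  if (msg && msg.type === "readCookies") {
    return forward({ type: "readCookies", domain: msg.domain });
  }
  return null;
}

// Hardened pattern: allowlisted origin, expected source window, strict
// message shape, and the domain bound to the validated origin.
function handleMessageSafe(event, forward, { allowedOrigins = ALLOWED_ORIGINS, windowRef } = {}) {
  if (!allowedOrigins.has(event.origin)) return null;
  if (windowRef && event.source !== windowRef) return null;
  const msg = event.data;
  if (!msg || typeof msg !== "object" || msg.type !== "readCookies") return null;
  const domain = new URL(event.origin).hostname; // never taken from msg.domain
  return forward({ type: "readCookies", domain });
}

// In a real content script this would be wired as (hypothetical wiring):
// window.addEventListener("message", (e) =>
//   handleMessageSafe(e, (req) => chrome.runtime.sendMessage(req), { windowRef: window }));

// Constructed stand-ins for MessageEvent objects; `source` identifies the
// window that posted the message.
const TOP_WINDOW = { name: "top-window" };
const IFRAME_WINDOW = { name: "third-party-iframe" };

function makeEvent(origin, source, data) {
  return { origin, source, data };
}

// Records what reaches the background so the two handlers can be compared.
function recorder() {
  const calls = [];
  return { forward: (req) => { calls.push(req); return req; }, calls };
}

// Runs three constructed messages through both handlers: a legitimate one,
// one from a hostile origin naming a whitelisted domain, and one posted by
// an iframe rather than the top-level window.
function simulate() {
  const events = [
    makeEvent("https://app.example.com", TOP_WINDOW, { type: "readCookies", domain: "app.example.com" }),
    makeEvent("https://evil.example.net", TOP_WINDOW, { type: "readCookies", domain: "app.example.com" }),
    makeEvent("https://app.example.com", IFRAME_WINDOW, { type: "readCookies", domain: "app.example.com" }),
  ];
  const unsafe = recorder();
  events.forEach((e) => handleMessageUnsafe(e, unsafe.forward));
  const safe = recorder();
  events.forEach((e) => handleMessageSafe(e, safe.forward, { windowRef: TOP_WINDOW }));
  return {
    unsafeForwarded: unsafe.calls.length, // 3: every message reaches the background
    safeForwarded: safe.calls.length,     // 1: only the allowlisted, top-window message
    safeDomains: safe.calls.map((c) => c.domain),
  };
}

console.log(simulate());
```

The detection angle for reviewers is the same check the hardened handler performs: a `message` listener in a content script that reads `event.data` without first comparing `event.origin` to a fixed allowlist is the pattern to flag, regardless of what the handler then forwards.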