Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Title misleading: virtual machine escape from a web browser, all the way down to host machine.


As someone said in a comment: "Breaking out of the Alcatraz, and then breaking into Fort Knox right afterwards!"


Dunno, seems pretty good. I'm much more impressed by escaping the virtual machine than a microsoft browser.


Makes for a better movie title. I mean who'd pay to see Escape from Microsoft Edge?


Misleading in a way that makes it seem less impressive than it actually was.


Really, they escaped from two virtual machines, the JavaScript VM and the VMWare VM. Maybe give them half a VM-point for breaking the confines of the Windows process (if you take your OS textbook seriously, a process is an abstraction of a computer, so sort of a VM).


Ideally that process is a jail. If Edge is anything like Chrome, it has dropped privileges for that process and that process is just a renderer.

https://seclab.stanford.edu/websec/chromium/chromium-securit...

Read this as I'm very impressed by the exploit.


One of those "VMs" gets escaped from all the time. The other is made by VMware.


One of them has plenty of help from the hardware and has a pretty limited feature set.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: