Tangential, but there was a recent sandbox escape vulnerability in both Chrome a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

hypeatei on April 6, 2025 | parent | context | favorite | on: Max severity RCE flaw discovered in widely used Ap...

Tangential, but there was a recent sandbox escape vulnerability in both Chrome and Firefox.

The bug threads are still private, almost two weeks since it was disclosed and fixed. Very strange.

https://bugzilla.mozilla.org/show_bug.cgi?id=1956398

https://issues.chromium.org/issues/405143032

https://www.cve.org/CVERecord?id=CVE-2025-2783

hovav on April 6, 2025 | [–]

Standard operating procedure for both the Chrome [https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...] and Firefox [https://www.mozilla.org/en-US/about/governance/policies/secu...] bug tracking systems.

But the fix itself is public in both the Chrome [https://chromium.googlesource.com/chromium/src.git/+/36dbbf3...] and Firefox [https://github.com/mozilla/gecko-dev/commit/ac605820636c3b96...] source repos, and it makes pretty clear what the bug is.

benatkin on April 6, 2025 | | [–]

Looks like this one only applied to windows. Here’s a link to the diff: https://chromium.googlesource.com/chromium/src.git/+/36dbbf3...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact