Browser 0-days on Linux?


airchie

Member
Nov 9, 2020
I was just thinking about some proposals at work for securing things a bit more and something popped into my head.
Do browser 0-day vulnerabilities affect all OSes equally?

Seems to me that we often hear about the vulnerabilities giving you "system" privs but never "root".
Or allowing attackers an RCE opportunity, but would it allow the execution of code on a Linux machine also?

Seems to me that at least some of the browser 0-days would be ineffectual in Linux?
 
Your expectation is correct.
The shared browser code would lead to a vulnerability inside the browser regardless of the platform. But if that code is platform-specific, it shouldn’t cross platforms.
 
Upvote 0
Yes, the errors are going to be common in a lot of cases, though with Linux you do at least have the different environment that is going to slow things down, as most exploits will be aimed at the majority OS, which gives the best return. But they also will be exploitable, and will be able to execute code in the browser process itself on x86 processors, so can still do damage. However, they will be limited to the user permissions, so while your data is in danger, the actual OS is safe.

Best, though, is to update regularly, and often, as soon as the typical version presents the option, and keep up to date, have backups, and of course avoid dodgy sites and adverts. The most common drive-by is to buy an ad legitimately, and simply have the server that contains it serve up the malware in addition to the ad script for either regional or random requests, or after a certain time, to keep the ad supplier from seeing the malware payload.
 
Upvote 0
Well, you might use JavaScript to escape the browser sandbox, but then the value of JavaScript ends and you need to run shellcode targeted at a specific target OS. Windows is probably the most frequent target because it has the biggest installed base.
 
Upvote 0