all InfoSec news
Escaping well-configured VSCode extensions (for profit)
Malware Analysis, News and Indicators - Latest topics malware.news
By Vasco Franco
In part one of this two-part series, we escaped Webviews in real-world misconfigured VSCode extensions. But can we still escape extensions if they are well-configured?
In this post, we’ll demonstrate how I bypassed a Webview’s localResourceRoots by exploiting small URL parsing differences between the browser—i.e., the Electron-created Chromium instance where VSCode and its Webviews run—and other VSCode logic and an over-reliance on the browser to do path normalization. This bypass allows an attacker with JavaScript execution …
browser bypass chromium electron escape exploiting extensions instance logic parsing path profit run series url vscode webview world