A privilege escalation from Chrome extensions (2023)

https://news.ycombinator.com/rss
Summary

What's the worst thing a Chrome extension could do to you? Well, it could steal your passwords and cookies, or it could continuously close your tabs. Obviously, these are bad and annoying, but there are limitations to the power of extensions. Can they run exe files? Not really. They can download files at any time, but opening those downloads requires a special permission and a user gesture. Can they change your settings? Generally, no. The general design idea for Chrome extensions is that they shouldn't be able to make permanent changes that persist after they're uninstalled.

Alright then, what about editing or reading local files? The rules are a little convoluted when it comes to this:

- Extensions shouldn't be able to read local files.
- That is, unless the "allow access to file URLs" switch is turned on in the extension's options.
- Chrome apps--like the Text app--are sometimes able to edit local files, but only when those files are explicitly opened by the user.

Of course, these limitations have their occasional bypasses. For example, Google awarded $10,000 to a bug report which showed that extensions could read local files by screenshotting them. But there are more dangerous things than file reads. It's generally agreed upon that a full "sandbox escape" for an extension is when the extension runs an executable file without user interaction. Then the attack moves out of the browser as the executable starts attacking the user's operating system using other bugs.

The way these attacks almost always work--or at least in theory--is that the extension abuses a bug to run code on a page more privileged than itself. Specifically, on chrome:// URLs: privileged WebUI pages which sometimes have permission to open downloads and change settings. Normally, extensions should only be able to run code on http(s) URLs, but every once in a while, bypasses are found using powerful but rare permissions like debugger, devtools, and input.
A good example of a sandbox escape is this...

First seen: 2025-05-28 01:58

Last seen: 2025-05-28 13:00