Security News > 2023 > April > S3 Ep132: Proof-of-concept lets anyone hack at will
DOUG. Remote code execution, remote code execution, and 2FA codes in the cloud.
The remote code execution bug they patched at the end of March 2023.
My understanding is that one of them, the JavaScript one, essentially gives remote code execution, where you can get the browser to run code it's not supposed to.
You get your code to run, and then you jump outside the strictures that are supposed to constrain code running inside a browser.
Because you can imagine: one lets you break *into* the browser, and the other lets you break *out* of the browser.
The idea of a bug like this, because it's remote code execution, is: you look; the browser attempts to present something in its controlled way; it should be 100% safe.
News URL
https://nakedsecurity.sophos.com/2023/04/27/s3-ep132-proof-of-concept-lets-anyone-hack-at-will/