by bennyg 997 days ago
This is a fun idea. Are there any browsers that hide the VM from end users, so it looks and feels like a browser instance but is actually a tunnel into a sandboxed VM that's being painted to?
3 comments

That's kinda-sorta what they all do already. Not full OS-level VM abstraction, but surprisingly close to it. Exploits like this need to be paired with sandbox-escaping in order to do damage beyond the current browsing session (which VMs wouldn't help with in the first place). And the distinction between sandbox-escaping and VM-escaping is rather thin.
> And the distinction between sandbox-escaping and VM-escaping is rather thin.

Eh, I think it's a good bit harder to escape an HVM-isolated virtual machine than a sandbox. At least, I'm not aware of many cross-Xen VM escapes.

Yes, I should have added that I'm referring specifically to the scenario OP is suggesting, which would require a host <-> client IPC channel, opening up the VM to attack vectors similar to a sandbox's.
There's a huge difference. Browser sandboxes are not "real" VMs and share a kernel. And in the case of Chromium, it's enough to read a few bytes from another process (token) to escape.
Can you elaborate on that? What do tokens have to do with breaking out of a sandbox?
There used to be dozens of them at any given time; maybe they're a bit rarer now that cloud providers have been banging on them for a while.
This exists as an option for Microsoft Edge on Windows: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-...
The problem is that browsers are the biggest attack vectors but also the most valuable targets. Getting a user's email password or cookie is probably the most damaging thing they could get unless you're the type to buy cryptocurrencies.
Not your bank? Email and bank login should be sufficient to change mfa and other settings and lock you out long enough to have forged checks drawn and cashed against your account.