by Syonyk 998 days ago
> And the distinction between sandbox-escaping and VM-escaping is rather thin.

Eh, I think it's a good bit harder to escape a HVM isolated virtual machine than a sandbox. At least, I'm not aware of many cross-Xen VM escapes.


Yes, I should have added that I'm referring specifically to the scenario OP is suggesting, which would require a host <-> client IPC channel, opening up the VM to similar attack vectors to a sandbox.

There's a huge difference. Browser sandboxes are not "real" VMs and share a kernel. And in the case of Chromium it's enough to read a few bytes from another process (token) to escape.

Can you elaborate on that? What do tokens have to do with breaking out of a sandbox?

There used to be dozens of them at any given time; maybe they're a bit rarer now that cloud providers have been banging on them for a while.