by NoahKAndrews 433 days ago
It's not just that it won't crash, it means that an exploit in the unsafe code won't allow corrupting memory used by the rest of the program

This is pretty immaterial from an exploit development perspective:

1. The forked process has a copy of the program state. If I'm trying to steal in-process secrets, I can do it from the forked process.

2. The forked process is just as privileged as the original process. If I'm trying to obtain code execution, I don't care which process I'm in.

This is why Chrome et al. have full-fledged sandboxes that communicate over restricted IPC; they don't fork the same process and call it a day.
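The two points above can be shown directly. The following is an added example written for this page, not code from either commenter or from any project mentioned here: a parent process holds a constructed in-memory secret, forks a worker to "handle untrusted input", and the worker (standing in for attacker-controlled code that has already won execution in the unsafe part) simply reads the secret out of its own copy of the address space and reports its credentials back over a pipe. No exploitation step is needed because the secret and the privileges arrive with the fork. The names `g_secret`, `compromised_worker` and `worker_report` are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define SECRET_LEN 32

/* Constructed secret held by the "safe" part of the program (e.g. a session
 * key). Any value works; it only has to be in memory before fork(). */
static char g_secret[SECRET_LEN] = "constructed-session-key-00000001";

/* What the worker reports back to the parent. */
struct worker_report {
    char secret_copy[SECRET_LEN];
    uid_t uid;
    gid_t gid;
};

/* Stand-in for attacker code running inside the forked worker. It needs no
 * exploit technique: g_secret is present in the child's copy of the address
 * space (point 1), and the child's credentials are inherited (point 2). */
static void compromised_worker(int out_fd) {
    struct worker_report r;
    memcpy(r.secret_copy, g_secret, SECRET_LEN);
    r.uid = geteuid();
    r.gid = getegid();
    ssize_t n = write(out_fd, &r, sizeof r);   /* < PIPE_BUF, so atomic */
    _exit(n == (ssize_t)sizeof r ? 0 : 1);
}

/* Fork a worker and collect its report. Returns 0 on success, -1 on error. */
int run_forked_worker(struct worker_report *out) {
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pipefd[0]); close(pipefd[1]); return -1; }
    if (pid == 0) {
        close(pipefd[0]);
        compromised_worker(pipefd[1]);        /* never returns */
    }
    close(pipefd[1]);
    ssize_t n = read(pipefd[0], out, sizeof *out);
    close(pipefd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    return (n == (ssize_t)sizeof *out && WIFEXITED(status) &&
            WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Point 1: returns 1 if the worker's copy of the secret equals the parent's,
 * 0 if not, -1 on error. */
int worker_leaks_secret(void) {
    struct worker_report r;
    if (run_forked_worker(&r) != 0) return -1;
    return memcmp(r.secret_copy, g_secret, SECRET_LEN) == 0;
}

/* Point 2: returns 1 if the worker ran with the parent's effective uid/gid,
 * 0 if not, -1 on error. */
int worker_has_same_credentials(void) {
    struct worker_report r;
    if (run_forked_worker(&r) != 0) return -1;
    return r.uid == geteuid() && r.gid == getegid();
}

int main(void) {
    printf("forked worker can read parent's secret: %d\n", worker_leaks_secret());
    printf("forked worker has parent's credentials: %d\n", worker_has_same_credentials());
    return 0;
}
```

Both checks come back 1 on any POSIX system: the fork gives the worker the parent's memory and the parent's uid/gid, which is exactly why a fork alone does not buy the isolation that a sandbox with dropped privileges and a restricted IPC boundary does.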