Mark Brand

What’s in a Name?

Abstract

In late 2022, Chrome fixed an anonymously reported vulnerability in the Mojo IPC implementation, noting that there was an exploit for this vulnerability in the wild. The details of the report have not been made public, and as a Chrome sandbox-escape connoisseur I feel this bug deserves a bit more love - so in this talk I'll give a full explanation of the bug (and the context around it), and then briefly discuss the exploitation primitives that it provided.

Bio

Mark Brand is a software engineer on Google's Project Zero team, which aims to reduce harm caused by targeted attacks on the Internet. His current focus is on web browser security.