By ading2210 on 10/16/24 Introduction This blog post details how I found CVE-2024-6778 and CVE-2024-5836, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension (with a tiny bit of user interaction). Eventually, Google paid me $20,000 for this bug report. In short, these bugs allowed a malicious Chrome extension to run any shell comman
