Cutting Edge: Microsoft Browser Security — From People Who Owned It presented at blackhatEurope 2018

by Wei Wei, Chuanda Ding, Zhipeng Huo,

Summary : Microsoft Edge, the new default browser for Windows 10, is heavily sandboxed. In fact, it is probably the only browser with its main process running inside a sandbox. Microsoft even goes to great length to design and implement platform security features exclusively for Microsoft Edge.In this talk, we will take a deep dive into the Microsoft Edge security architecture. This includes sandbox initialization, browser broker implementation, inter-process communication, and renderer security isolation. We will present two logical sandbox escape bug chain consists of three bugs for Microsoft Edge, one of which we've used in Pwn2Own, and the other two are completely new. They are entirely different from memory corruption bugs, as all we've done is abusing normal features implemented in the browser and operating system.