Originally posted by Weasel
View Post
Where is the data you are targeting Weasel.
[wasm malware in browser] This is one sandbox.
[wasm application in browser] this is in different sandbox. This has the golden data wasm malware wants. This is simple example right. Wasm application can be using canvas and other options in browser that make it hard for the wasm malware.
Now lets look at greenfield.
[wasm malware in browser] this again in one sandbox.
[Greenfield Wayland compositor] this is number 2 sandbox.
[Greenfield Wayland application running in hidden iframe] number 3 sandbox.
Yes you now depend on insecure Wasm XSS that the malware now can target. Yes all output from the application is crossing over the XSS that poorly secured. This is also true with WiredX done back in the Java day.
Running 2 wasm instead of one using greenfield does increase your attack surface area because the messaging between the two wasm applications cannot be secured inside current browsers. .
arbitrary code execution inside a sandbox does not mean you can access everything. Wasm malware cannot by design go snooping around in memory of other wasm applications running in the same window/tab. Instead Wasm malware end up targeting wasm communication to trick the Wasm application into giving it the information it wants.
X11 or Wayland in Wasm is going to give large attack surface by increasing the XSS communication.
Comment