Sandbox Escape
What is Sandbox Escape?
Sandbox EscapeA vulnerability or exploit chain that lets code break out of an isolating sandbox — browser, VM, or hypervisor — to gain code execution in the surrounding host environment.
Sandbox escape refers to defeating a security boundary that was designed to confine untrusted code. The most public examples are browser sandboxes (Chromium's renderer-to-broker boundary, WebKit's WebContent process), language runtimes (V8, JavaScriptCore), application sandboxes (macOS Seatbelt, Windows AppContainer), container engines (runc CVE-2019-5736, Docker breakouts) and full hypervisor escapes (VENOM CVE-2015-3456 in QEMU, the VMware ESXi escapes demonstrated at Pwn2Own 2017 and 2021 by Team Sniper and Synacktiv). Such chains typically combine a memory-corruption bug in the sandboxed process with a kernel or hypervisor-side vulnerability that the sandbox API accidentally exposes. Pwn2Own, Project Zero and the Microsoft MSRC have driven much of the public research, leading to mitigations like Site Isolation, V8 sandbox, and Hyper-V VBS.
● Examples
- 01
Chrome 0-day chain at Pwn2Own that escapes the renderer sandbox to execute code in the browser broker.
- 02
VENOM (CVE-2015-3456) escaping the QEMU floppy controller into the host kernel.
● Frequently asked questions
What is Sandbox Escape?
A vulnerability or exploit chain that lets code break out of an isolating sandbox — browser, VM, or hypervisor — to gain code execution in the surrounding host environment. It belongs to the Defense & Operations category of cybersecurity.
What does Sandbox Escape mean?
A vulnerability or exploit chain that lets code break out of an isolating sandbox — browser, VM, or hypervisor — to gain code execution in the surrounding host environment.
How does Sandbox Escape work?
Sandbox escape refers to defeating a security boundary that was designed to confine untrusted code. The most public examples are browser sandboxes (Chromium's renderer-to-broker boundary, WebKit's WebContent process), language runtimes (V8, JavaScriptCore), application sandboxes (macOS Seatbelt, Windows AppContainer), container engines (runc CVE-2019-5736, Docker breakouts) and full hypervisor escapes (VENOM CVE-2015-3456 in QEMU, the VMware ESXi escapes demonstrated at Pwn2Own 2017 and 2021 by Team Sniper and Synacktiv). Such chains typically combine a memory-corruption bug in the sandboxed process with a kernel or hypervisor-side vulnerability that the sandbox API accidentally exposes. Pwn2Own, Project Zero and the Microsoft MSRC have driven much of the public research, leading to mitigations like Site Isolation, V8 sandbox, and Hyper-V VBS.
How do you defend against Sandbox Escape?
Defences for Sandbox Escape typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Sandbox Escape?
Common alternative names include: VM escape, Hypervisor escape, Browser sandbox escape.
● Related terms
- appsec№ 129
Browser Sandbox
An OS-level isolation layer that confines a browser's renderer and helper processes so that compromised web code cannot read the file system or other applications.
- cloud-security№ 211
Container Escape
An exploit that breaks the isolation boundary between a container and its host, giving the attacker code execution on the underlying node or kernel.
- vulnerabilities№ 399
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
- defense-ops№ 963
Sandbox / Emulator Detection
Anti-analysis techniques in malware that recognize when the host is an analysis sandbox, emulator, or virtual machine and then refuse to detonate to evade detection.
- attacks№ 862
Process Injection
A family of evasion techniques in which an attacker runs malicious code inside the address space of a legitimate process to inherit its trust and identity.
- defense-ops№ 298
Defense Evasion
The MITRE ATT&CK tactic (TA0005) covering techniques attackers use to avoid detection, disable security tools, and hide their activity on a target system.
● See also
- № 1051Site Isolation