ChatGPT allows access to underlying sandbox OS, “playbook” data

November 14, 2024 at 11:16AM Researcher Marco Figueroa identified vulnerabilities in OpenAI’s ChatGPT sandbox, allowing file uploads, Python script execution, and access to sensitive configurations. While interactions remain confined to the sandbox, these flaws could lead to reverse-engineering of security measures. OpenAI was notified but only expressed interest in one specific issue. ### Meeting Takeaways: … Read more

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

April 30, 2024 at 01:33PM Three critical-severity vulnerabilities in the Judge0 open source service enable sandbox escapes and complete host machine takeovers. The flaws impact versions before 1.13.1 and can lead to code execution outside the sandbox, privilege escalation, and full system access. While version 1.13.1 addresses the issues, the potential for exploitation via other … Read more

Google Adds V8 Sandbox to Chrome

April 8, 2024 at 07:36AM Google has introduced a new sandbox to combat memory safety bugs in its Chrome V8 engine. The tech giant also included it in the bug bounty program, aiming to enhance the browser’s security. This update was featured on SecurityWeek. Based on the meeting notes, it appears that Google is implementing … Read more