VM Escape via Chrome and VMware: Six‑CVE Attack Chain
A Korean security firm demonstrated a real-world VM-escape chain in which a user clicking a malicious Chrome link inside a VMware guest triggers six linked CVEs (two Chrome sandbox bypasses, two Windows kernel driver flaws, a VM-information leak, and a Bluetooth buffer overflow), ultimately granting the attacker host-level code execution and full system compromise.
The scenario is straightforward: a user clicks a malicious link in Chrome running inside a VMware virtual machine, and the physical host machine ends up compromised.
The attack chain consists of six CVEs:
CVE-2023-3079: Chrome V8 JavaScript engine remote code execution.
CVE-2023-21674: Privilege escalation out of the Chromium sandbox.
CVE-2023-29360: Windows kernel driver vulnerability granting system-level rights.
CVE-2023-34044: Information-gathering vulnerability exposing VM internals.
CVE-2023-20869: Buffer overflow on the host, triggered through the shared Bluetooth device channel.
CVE-2023-36802: Another Windows kernel driver flaw that gives the attacker the highest privileges on the host.
By sequentially exploiting these flaws, the attacker obtains high privileges inside the VM, extracts sensitive VM data, and finally executes code on the host, demonstrating how a simple click can lead to a full APT‑style compromise.