👹 [ sn🥶vvcr💥sh @snovvcrash ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]