2) McAfee WebAdvisor is sloppy when handling HTML code, the browser extension is full of potential XSS vulnerabilities. One of those was exploitable, turned out that even CSP won't always save you then. Administrator privileges from any website. 3/5
3) Bitdefender replaces browsers' built-in SSL warning pages which is surprisingly problematic. Quite remarkable what one can do with the security tokens found there. Arbitrary code execution from any website when opened in any browser. 4/5
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
All of that without any fancy buffer overflows or such, merely abusing existing application logic. Could it be that antivirus vendors focused so much on hardening their binary code that they forgot the low-hanging fruit? And is it really hardened?
To be continued… 5/5
1) Avast Secure Browser did everything in their power to maximize the attack surface. The attack worked because two security mechanisms were explicitly disabled for no good reason. Arbitrary code execution from any website. 2/5
https://palant.info/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/