I have so many questions after reading this. Like this example:

    [
      // Call console.log
      "@", [".", ["console"], "log"],
      // Verbatim call parameter
      "hi"
    ]

What sort of sandboxing model is susceptible to this?

I can't imagine any sort of principled sandboxing model that would be susceptible to running a whole interpreter within. Protections should go on the equivalent of syscalls, the side-effects code can have. We've known this for -- conservatively -- 30 years. Can somebody with knowledge explain how these extensions are breaking Chrome's security sandbox?
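An added example, not from the article or the commenter, illustrating the design point made above: an evaluator for the array-shaped DSL in the quoted snippet whose boundary sits on side effects rather than on program text. The DSL semantics are assumptions inferred from the snippet (`["@", callee, ...args]` is a call, `[".", obj, "name"]` is a property read, `["name"]` reads a root binding, any non-array value is a literal). The host enumerates every object and function the guest may reach; nothing outside that table, including `globalThis`, exists from the DSL's point of view, so the same program shape either resolves to a granted capability or is refused.

```javascript
// Added example: a capability-gated evaluator for the array DSL above.
// The guest program is untrusted data; the host decides which side effects exist.

class CapabilityDenied extends Error {}

// Build the sandbox from a host-supplied table of roots. Every object and
// function reachable from that table is recorded as granted, so later checks
// ask "did the host grant this?" rather than "is this a function?".
function makeSandbox(roots) {
  const granted = new Set();
  const walk = (v) => {
    if (v === null || (typeof v !== "object" && typeof v !== "function") || granted.has(v)) return;
    granted.add(v);
    if (typeof v === "object") Object.keys(v).forEach((k) => walk(v[k]));
  };
  Object.keys(roots).forEach((k) => walk(roots[k]));
  return { roots, granted };
}

const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Evaluate one DSL expression against the sandbox (semantics are assumed, see lead-in).
function evaluate(expr, sandbox) {
  const { roots, granted } = sandbox;
  if (!Array.isArray(expr)) return expr;                 // literal, e.g. "hi"
  const [op, ...rest] = expr;
  if (expr.length === 1) {                               // ["console"]: root lookup
    if (!hasOwn(roots, op)) throw new CapabilityDenied(`root "${op}" not granted`);
    return roots[op];
  }
  if (op === ".") {                                      // [".", obj, "name"]: property read
    const obj = evaluate(rest[0], sandbox);
    const name = rest[1];
    // Only own properties of granted objects resolve: this closes off walks
    // through "constructor", "__proto__" and similar inherited names.
    if (!granted.has(obj) || !hasOwn(obj, name)) {
      throw new CapabilityDenied(`property "${name}" not granted`);
    }
    return obj[name];
  }
  if (op === "@") {                                      // ["@", callee, ...args]: call
    const fn = evaluate(rest[0], sandbox);
    if (typeof fn !== "function" || !granted.has(fn)) {
      throw new CapabilityDenied("callee is not a granted function");
    }
    const args = rest.slice(1).map((a) => evaluate(a, sandbox));
    return fn(...args);                                  // called without a receiver
  }
  throw new CapabilityDenied(`unknown form "${op}"`);
}

// Demonstration with a constructed host table: a logger that captures output.
function demo() {
  const output = [];
  const sandbox = makeSandbox({
    console: { log: (...args) => { output.push(args.join(" ")); } },
  });

  // The program from the comment resolves because console.log was granted.
  evaluate(["@", [".", ["console"], "log"], "hi"], sandbox);

  // Same shape, aimed at a root the host never granted: refused before any effect.
  let denied = false;
  try {
    evaluate(["@", [".", ["globalThis"], "fetch"], "x"], sandbox);
  } catch (e) {
    denied = e instanceof CapabilityDenied;
  }

  // Inherited properties of a granted object are not reachable either.
  let protoDenied = false;
  try {
    evaluate([".", ["console"], "constructor"], sandbox);
  } catch (e) {
    protoDenied = e instanceof CapabilityDenied;
  }

  return { output, denied, protoDenied };
}

module.exports = { CapabilityDenied, makeSandbox, evaluate, demo };
```

The point of the table-driven `granted` set is the one the comment makes: the interpreter itself is harmless, because the only effects a program can cause are the ones the host chose to hand it. Adding a root such as a restricted `fetch` wrapper is a deliberate host decision, not something the guest can reach by spelling a different property path.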