A sandbox bypass vulnerability was discovered in a file sharing implementation using a document picker. The flaw involved trusting file paths without validation, some of which pointed outside the expected sandbox scope. This led to unexpected files being processed and eventual data exposure. The fix required strict path validation and sandbox checks on every file access, with no assumptions about path safety.
•1m watch time
Sort: