dosyago/vulnerability-reports
Vulnerability Reports

Here's a list (most recent first) of vulnerabilities reported by others or discovered internally at BrowserGap.

We're working to make the web more secure by using remote browser isolation to keep threats on the public internet away from our clients' machines. We do this to deliver secure browsing to our clients and to help limit the spread of malware and other contagions. Transparency about our security policy, together with acknowledgement of responsible disclosures (with the consent of the discloser), is an important part of how we achieve that.


Matthew Bryant (@IAmMandatory) Joystick//BrowserGap SSRF to Cloud Metadata Server Vulnerability

Time: 8:05 AM Oct 30 2019 (GMT+8)

This vulnerability was responsibly disclosed by Matthew Bryant, a security researcher and owner of the startup Refinery Labs. Refinery Labs enables, among other things, code-less workflow automation. It's really cool, you should check it out!

Even though I had no previous association with Matthew, after I shared the Free 30 Minute Demo site on Show HN, Matthew reached out to me by email with a really thorough report of a vulnerability he had discovered. I immediately suspended the service and looked into the issue. I pushed out a couple of mitigations and ran them by Matthew, who said they looked good and that I should also consider further networking restrictions using iptables, which I then implemented.

The vulnerability was that the instance running the remote isolated browser could reach the cloud provider's internal metadata service, which holds information about all of the services I run on that provider. Because the browser fetches whatever URL a visitor asks for, a visitor could use it to make requests to that internal service (server-side request forgery). A similar vulnerability previously affected Shopify.

The mitigations use iptables firewall rules to block remote browser instances from reaching internal and link-local network addresses (cloud metadata services are served from a link-local address). I posted a play-by-play summary to the original HN post.
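As an added example (not code from the dosyago/BrowserGap repository, and not the exact rules the author applied), the script below builds the kind of iptables egress rule set that paragraph describes. It assumes a hypothetical dedicated Unix user named `browser` that the isolated browser runs as, and matches its traffic with the iptables `owner` module; it also includes a small CIDR matcher so the deny list can be checked offline without touching the kernel.

```shell
#!/bin/sh
# Added example, not code from the dosyago/BrowserGap repository.
# Builds egress rules that stop an isolated browser process from reaching the
# cloud metadata service and internal networks, plus a CIDR matcher for
# checking the deny list offline. Assumptions (hypothetical): the browser runs
# as the Unix user "browser" and rules are matched with the iptables "owner"
# module, so nothing else on the host is affected.
set -eu

BROWSER_USER="${BROWSER_USER:-browser}"

# Destinations the isolated browser must never reach. 169.254.0.0/16 covers the
# metadata endpoint 169.254.169.254 (AWS, GCP, Azure, DigitalOcean) and the rest
# of the link-local range; the others are loopback, RFC 1918 and CGNAT space.
BLOCKED_DESTS="169.254.0.0/16 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10"

# Emit the iptables commands for user $1 through $2 (default: echo, a dry run).
# Pass "iptables" as $2 when running as root to apply them for real.
egress_rules() {
  user="$1"; ipt="${2:-echo iptables}"
  # Dedicated chain so the rule set can be flushed and reloaded atomically.
  $ipt -N BROWSER_EGRESS 2>/dev/null || true
  $ipt -F BROWSER_EGRESS
  # Only locally generated traffic owned by the browser user enters the chain;
  # inserting at position 1 keeps it ahead of any permissive rule.
  $ipt -I OUTPUT 1 -m owner --uid-owner "$user" -j BROWSER_EGRESS
  for dst in $BLOCKED_DESTS; do
    # REJECT rather than DROP so the browser fails fast instead of hanging.
    $ipt -A BROWSER_EGRESS -d "$dst" -j REJECT --reject-with icmp-admin-prohibited
  done
  # Anything else (the public internet) continues down the OUTPUT chain.
  $ipt -A BROWSER_EGRESS -j RETURN
}

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit 0 when IPv4 address $1 falls inside one of BLOCKED_DESTS, 1 otherwise.
# Handy for testing the deny list or for an application-level pre-flight check
# on resolved addresses; the kernel rule stays the real enforcement point.
is_blocked_dst() {
  ip=$(ip_to_int "$1")
  for cidr in $BLOCKED_DESTS; do
    net=$(ip_to_int "${cidr%/*}")
    bits="${cidr#*/}"
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    if [ $(( ip & mask )) -eq $(( net & mask )) ]; then
      return 0
    fi
  done
  return 1
}

# Dry run by default (prints the commands); EGRESS_APPLY=1 applies them (root).
if [ "${EGRESS_APPLY:-0}" = 1 ]; then
  egress_rules "$BROWSER_USER" iptables
else
  egress_rules "$BROWSER_USER"
fi
```

After applying the rules, check them from the browser's own identity: `sudo -u browser curl -m 3 http://169.254.169.254/` should fail immediately with an administratively prohibited error, while a public site still loads. Two caveats: the `owner` match only sees packets generated on that host, so a browser running in a container with its own network namespace needs the rules inside that namespace (or on the bridge, keyed on the container's source address), and IPv6-enabled hosts need an equivalent `ip6tables` set. Filtering on the destination address rather than the hostname is deliberate: a public name that resolves to 169.254.169.254, or rebinds to it after the first lookup, is still blocked.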


About

🔓 vulnerability-reports - Responsible Disclosures
