
Security Risks of Chromium-Based Browsers in Server-Side AI Systems Highlighted by Researchers
Researchers from Tencent Security Xuanwu Lab presented findings on the security risks of deploying Chromium-based browsers in server-side environments, particularly in AI-driven systems such as large language model (LLM) products. The talk highlighted key differences between client-side and server-side browsers: server-side instances, typically headless Chrome driven by tools like Puppeteer or Playwright, give an attacker more relaxed conditions, receive updates more slowly, and often run with the sandbox disabled because of container compatibility issues.

Demonstrated exploits included bypassing URL whitelists, triggering remote code execution (RCE) through WebAssembly vulnerabilities, and abusing delayed background crawlers to reach malicious pages; RCE succeeded in six of the seven LLM products tested. Real-world examples included using an AI search feature to read sensitive files such as /etc/passwd and achieving RCE on a major platform with hundreds of billions of users.

The team proposed defense strategies such as disabling unnecessary subsystems (e.g., GPU, WebGL, and V8's optimizing compilers such as Maglev) and implementing behavior-based sandboxes built on seccomp-notify and ptrace that monitor system calls and block unauthorized ones (e.g., exec, socket, connect). The research emphasized shifting from vulnerability prevention to post-exploitation damage control, since zero-day exploits against server-side browsers are inevitable.