1. Chrome code execution (gain a foothold inside the Chrome process).
2. Sandbox escape (gain code execution outside the Chrome sandbox, with the privileges of the Chrome process, which aren’t very useful except to stage another exploit).
3. Local privilege escalation, usually a kernel bug or similar, to elevate to root where you can break the process “sandbox” and establish persistence.