Re: What is the worst a browser exploit could do in Ubuntu?
Actually, that's not completely true. AFAIK, a keylogger must be run as root to work globally. A compromised Firefox could log keys you input to Firefox, but nowhere else.
Originally Posted by Hungry Man
This is what I'd be worried about because it's independent of operating system. Malicious addons and extensions can do a lot of harm, even if they don't use any fancy 0-days or backdoors.
Originally Posted by movieman
To answer OP's question, the worst would be to compromise the browser, use a 0-day to get out of any sandboxes (if the browser uses one), use a 0-day to gain root privileges, install a rootkit, and then do whatever it wants. More realistically though, you have to look at what a potential hacker would actually want to do. And most in this case want to make money. Most hackers infect computers by using "exploit packs", which are programs that a very advanced hacker makes and updates, and sells to other hackers, who can use it to put various exploits on either their own website(s) or hacked website(s). They can cost thousands of dollars, but they update themselves to include new 0-days as old ones are patched, and often include several different types of exploits to raise the chance of success (such as a Java exploit, a Flash exploit, an ActiveX exploit, etc). Anyone who visits a website with an exploit pack has a chance of getting compromised. To understand the risk, very cheap exploit packs have infection success rates in the single digits, whereas the most expensive (that cost tens of thousands of dollars or more) ones have success rates only around 20-30%, and that's with Windows/Macintosh. So if you do visit a compromised site, not only is it unlikely it'll have an up-to-date exploit for your browser version, but you're also using Linux so even if Chrome/Firefox could be compromised it's unlikely to be able to do anything because the exploit was designed for Windows/Mac.
Even if your computer was compromised and made part of, say, a botnet, even then there's no guarantee the effect will be horrible. Most botnets in fact are not designed to steal things like credit card or account info, but rather other activities such as Bitcoin mining (uses more electricity and may stress the computer but otherwise harmless), DDoSing (other than taking up internet bandwidth it's harmless to the bot), becoming a SOCKS proxy (may cause you to get caught for things you didn't do), hiding illegal data such as child pornography on your computer (this is probably the worst because "A virus did it" won't fly with the feds, but it is also the least likely scenario), etc.
A well-funded government or private organization could probably pull this off if they target specifically you, but a hacker who's only in it for the money is going to stick with Windows/Mac (and more and more recently smart-phone OSes like iOS and Android). It is far, far, far more likely someone is going to steal your computer or your wallet than use a browser exploit targeted to Linux to steal credit card information, etc. from your computer.
If you want to stay safe from browser exploits, I suggest you use either Firefox with NoScript (Firefox is the least secure but only it has NoScript which is a huge plus), or Chromium with all scripting disabled (Chromium has the best built-in security, but its extensions API makes it hard to port NoScript to it, and ScriptNo and NotScript all suck), and a secure AppArmor profile for either. Also exercise common sense. If you download everything you see and go to obscure Russian warez and porn sites, don't expect to stay safe with only technical barriers in place. If you are wise in your browsing habits, and also use secure applications, etc., you'll be very secure.
The whole thing is so patently infantile, so foreign to reality, that to anyone with a friendly attitude to humanity it is painful to think that the great majority of mortals will never be able to rise above this view of life.
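Added example (not part of the post above): a quick way to check whether the AppArmor profile the post recommends is actually confining a running browser, by reading the label the kernel exposes in `/proc/<pid>/attr/current`. The process names in the loop are assumptions and may differ on your install; a profile in complain mode only logs violations and does not block them.

```shell
#!/bin/sh
# Classify an AppArmor label as read from /proc/<pid>/attr/current.
# Labels look like "unconfined" or "<profile> (enforce)" / "<profile> (complain)".
classify_label() {
    case "$1" in
        ""|unconfined) echo "UNCONFINED" ;;      # no profile attached (or label unreadable)
        *"(enforce)")  echo "ENFORCED" ;;        # violations are denied
        *"(complain)") echo "COMPLAIN-ONLY" ;;   # violations are logged, not blocked
        *)             echo "UNKNOWN" ;;
    esac
}

# Report confinement for every running browser process.
# The names below are assumed process names, adjust for your system.
report_browsers() {
    for name in firefox firefox-bin chromium chromium-browser chrome; do
        for pid in $(pgrep -x "$name" 2>/dev/null); do
            label=$(cat "/proc/$pid/attr/current" 2>/dev/null) || label=""
            printf '%s pid=%s %s [%s]\n' \
                "$name" "$pid" "$(classify_label "$label")" "$label"
        done
    done
}

report_browsers
```

Anything reported as UNCONFINED or COMPLAIN-ONLY means a compromised browser process runs with the full permissions of your user account.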