So without root password how do you install anything? I think this is a hack on the browsers not he OS. I didn’t read the links so I am not sure.
I believe it is an attack on a poorly-coded SUID root function.
Certain executables in Unix run SID root, which means that the program runs as root even if the user is an ordinary user. For example, the ‘ls’ command runs as root, so any user can see any other user’s processes. Provided the executables are properly coded and tested, this is not an issue. But a big part of the Unix hacker’s toolkit is to try to get an SUID binary to execute arbitrary code, so these functions have to be careful tested.