'CrossBarking' Attack Exposes Opera Browser Users via APIs
(www.darkreading.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 30 Oct 14:25
https://lemmy.zip/post/25402374
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 30 Oct 14:25
https://lemmy.zip/post/25402374
Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.
threaded - newest
Private APIs that “trusted sites” have access to that can make all sorts of browser-level changes?
So many questions:
Why in the hell? No, seriously what big-brain was involved in the idea that some site needs that level of access to my browser?
Who didn’t see this coming? I mean if you make basically a secret back door, of COURSE your shit’s getting pwnt as soon as someone else notices it.
Also note to self: don’t install Opera I guess.