An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
August 15, 2018 11:20 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lrxWB2JWO7M/google-patches-chrome-bug-that-lets-attackers-steal-web-secrets-via-audio-or-video-html-ta
Google Patches Chrome Bug That Lets Attackers Steal Web Secrets Via Audio Or Video HTML Tags
An anonymous reader writes: "Google has patched a vulnerability in the Chrome browser that allows an attacker to retrieve sensitive information from other sites via audio or video HTML tags," reports Bleeping Computer. The attack breaks CORS -- Cross-Origin Resource Sharing, a browser security feature that prevents sites from loading resources from other websites -- and will attempt to load resources (some of which can reveal information about users) inside audio and video HTML tags. During tests, a researcher retrieved age and gender information from Facebook users, but another researcher says the bug can be also used to retrieve data from corporate backends or private APIs. Ron Masas, a security researcher with Imperva, first discovered and reported this issue to Google. The bug was fixed at the end of July with the release of Chrome v68.0.3440.75.at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lrxWB2JWO7M/google-patches-chrome-bug-that-lets-attackers-steal-web-secrets-via-audio-or-video-html-ta
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot