Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
August 15, 2018 11:20 pm

Google Patches Chrome Bug That Lets Attackers Steal Web Secrets Via Audio Or Video HTML Tags

An anonymous reader writes: "Google has patched a vulnerability in the Chrome browser that allows an attacker to retrieve sensitive information from other sites via audio or video HTML tags," reports Bleeping Computer. The attack breaks CORS -- Cross-Origin Resource Sharing, a browser security feature that prevents sites from loading resources from other websites -- and will attempt to load resources (some of which can reveal information about users) inside audio and video HTML tags. During tests, a researcher retrieved age and gender information from Facebook users, but another researcher says the bug can be also used to retrieve data from corporate backends or private APIs. Ron Masas, a security researcher with Imperva, first discovered and reported this issue to Google. The bug was fixed at the end of July with the release of Chrome v68.0.3440.75.

at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lrxWB2JWO7M/google-patches-chrome-bug-that-lets-attackers-steal-web-secrets-via-audio-or-video-html-ta

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot