![]() ![]() They also showed real interest and care about remediating further issues in the extension and stated they’d be further hardening the codebase. For this reason the latest version of the extension is no longer vulnerable to this issue. Texthelp, the company who created he extension, patched quickly and released a fix the next business day (nice work!). See the video proof-of-concept below for a demonstration of the issue. This is of course not a vulnerability in Gmail, but is an example of the exploitation that can occur using this vulnerability. As a proof of concept, I’ve created an exploit which, upon being viewed with the Read&Write extension installed, will steal and display all of the user’s emails. By abusing this call an attacker can hijack the extension to read data from other websites using the victim’s authenticated sessions. For example, the background API call with a method name of “thGetVoices” which allows for providing an arbitrary URL which will be retrieved by the extension and the response returned via “postMessage”. ![]() Many of these APIs allow for dangerous actions which are not meant to be callable by arbitrary web pages on the internet. Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)ĭue to a lack of proper origin checks in the message passing from regular web pages, any arbitrary web page is able to call privileged background page APIs for the Read&Write Chrome extension (vulnerable version 1.8.0.139).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |