Imperva's analysis of Chrome's file handling mechanism (and by extension Chromium) found that when a user directly dragged and dropped a folder onto a file input element, the browser resolved all the symlinks recursively without presenting any warning. Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which occurs when an attacker abuses the feature to bypass the file system restrictions of a program to operate on unauthorized files.