This issue is commonly known as symbolic link following. Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files. In the case of the vulnerability we disclosed to Google, the issue arose from the way the browser interacted with symlinks when processing files and directories. However, symlinks can also introduce vulnerabilities if they are not handled properly. This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way. It allows the operating system to treat the linked file or directory as if it were at the symlink’s location. What’s a symlink?Ī symlink, also known as a symbolic link, is a type of file that points to another file or directory. ![]() In this case, the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks. However, it also increases the likelihood of cross-browser vulnerabilities. The popularity of Chromium has many benefits, such as compatibility and security audits. ![]() Two other top 6 browsers, Opera and Edge, are based on Chromium, the open-source version of Chrome, bringing Chromium’s market share to over 70%. Chrome is the most widely used browser, with a 65.52% market share.
0 Comments
Leave a Reply. |