cj-sp-pb

This post was made public on 27.8.2015. It was previously disclosed privately to Google. More info: Webcam spying with Chrome ———————————————————————————————————– Clickjacking and Spoofing the Google Chrome Permission Bar is Too Damn Easy The permission bar in Chrome suffers from a list of bugs that can be combined in »

Found a CSRF Flaw in a Big E-Commerce Website

tl;dr I stumbled upon some CSRF flaws in a very popular e-commerce website. CSRF flaws are generally overlooked and the only way for you as the user to minimize the risk is to logout from a website after you finished using it. This will limit the window of being »

Abusing The HTML5 Data-URI

[Update: Some of these examples were mitigated in Chrome 38 and 39] After seeing in the previous post how Data-URIs can be used as a mechanism to easily carry malicious code, I’ll elaborate more about the issues it presents. Some of it merely exists from the way Data-URIs are »

SVG For Fun and Phishing

What an awesome format is SVG, so powerful and so well supported by browsers. And yet it is barely being used, it’s not getting the love it deserves. Well, browsers love SVG, perhaps too much… SVG files are like little bundles of joy. Encapsulating graphics, animations and logic. One »