This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A recently patched vulnerability in the Chromium project enabled malicious parties to inject code into embedded site pages, despite the fact that these resources were separated from the parent website.
Chromium is an open-source browser project that intends to make the web a safer, faster, and more stable experience for everyone. The site provides design documents, architecture overviews, and testing information to assist users in learning to build and work with the Chromium source code.
The security researcher who initially discovered the vulnerability presented a proof of concept in which an attacker-controlled website abuses the vulnerability to manipulate the information of an embedded website, even though the target and destination are on different servers.
As illustrated in a recent post on the Chromium website, the vulnerability may be leveraged even if the web browser's "site isolation" feature is turned on. Site isolation is a security feature that places each website in its own process to increase security.
According to the expert, the inter-process communication between isolated processes contained a race condition, a class of flaw that affects systems that must execute a task in several phases. If the system is susceptible for a brief period of time between execution steps, the attacker can take advantage of the security vulnerability to make destructive changes. Among other exploits, this flaw may allow intruders to insert malicious code into embedded sites or steal personal information from users.
Security Researcher Discovers Serious Flaw in Chromium, Bags $15,000 Reward