Spoofing Downloaded Filename’s Extension in Chromium
When there is insufficient data validation in File System API, it allows the attacker to bypass file system restrictions remotely in Windows OS using a crafted HTML page. An attacker can easily use this vulnerability to target a victim, because the script can be manipulated to execute another command that might be used in conjunction with another vulnerability, hence raising an even bigger security concern.
- Introduction to spoofing and how it works
- Understanding the filename extension spoofing in Chromium
- Understanding the vulnerability and its impact
- Setting up the lab environment to demonstrate the exploitation of Chromium vulnerability
- Mitigations to prevent such attacks