Security Research
Spoofing Downloaded Filename’s Extension in Chromium
When there is insufficient data validation in File System API, it allows the attacker to bypass file system restrictions remotely in Windows OS using a crafted HTML page. An attacker can easily use this vulnerability to target a victim, because the script can be manipulated to execute another command that might be used in conjunction with another vulnerability, hence raising an even bigger security concern.
Key Pointers:
- Introduction to spoofing and how it works
- Understanding the filename extension spoofing in Chromium
- Understanding the vulnerability and its impact
- Setting up the lab environment to demonstrate the exploitation of Chromium vulnerability
- Mitigations to prevent such attacks