spoofing downloaded filename’s extension in chromium
Security Research

Spoofing Downloaded Filename’s Extension in Chromium

When there is insufficient data validation in File System API, it allows the attacker to bypass file system restrictions remotely in Windows OS using a crafted HTML page. An attacker can easily use this vulnerability to target a victim, because the script can be manipulated to execute another command that might be used in conjunction with another vulnerability, hence raising an even bigger security concern.

Key Pointers:
  • Introduction to spoofing and how it works
  • Understanding the filename extension spoofing in Chromium
  • Understanding the vulnerability and its impact
  • Setting up the lab environment to demonstrate the exploitation of Chromium vulnerability
  • Mitigations to prevent such attacks
Get the Research Paper
Thank You for your interest in Safe Security!
Your request content is now available!
Invalid Inputs!

Brands that
trust our competence

Explore more
molina logo
icici logo
british telecom logo
munichre logo
newscorp logo
kfc logo