This issue was addressed by forbidding cross-origin data sharing by default. Screen sharing with untrusted sites was previously possible in Google Chrome. This issue was addressed by changing the screen sharing default to disallow untrusted sites.
was an issue in Google Chrome that allowed remote attackers to bypass the Same Origin Policy via a screen share request.
In this issue, user input passed in to a web site was not sanitized before being used in screen sharing. This issue was addressed by sanitizing user input before using it in screen sharing.
In September 2017, a security researcher reported a flaw in Chrome’s screen sharing that could be used by remote attackers to steal sensitive information from targeted users.
In this issue, Google Chrome did not enforce Same Origin Policy for HTML elements when using screen sharing. This issue was addressed by enforcing Same Origin Policy for HTML elements when using screen sharing.
A security researcher reported a cross-site scripting (XSS) flaw in Google Chrome that could cause information from a user’s computer to be sent to malicious websites when using the screen sharing feature.
This issue was addressed by fixing XSS issues in Google Chrome.
In September 2017, a security researcher reported a privilege escalation flaw in Google Chrome’s screen sharing that could be used by malicious websites to cause a user’s PC to execute code with elevated privileges
How does Google Chrome protect users from this?
In this issue, Google Chrome did not sanitize the user input when using screen sharing. This issue was addressed by sanitizing user input before using it in screen sharing.
In September 2017, a security researcher reported a flaw in Chrome’s screen sharing that could be used by remote attackers to steal sensitive information from targeted users.
This issue was addressed by enforcing Same Origin Policy for HTML elements when using screen sharing.
Google Chrome’s WebRTC flaw
In this issue, Google Chrome did not properly validate the origin of a permission request before granting it. This issue was addressed by validating permissions requests before granting them.
In September 2017, a security researcher reported a flaw in Google Chrome’s browser extension model that could be used by remote attackers to steal sensitive information from targeted users.
This issue was addressed by fixing XSS issues in Google Chrome’s browser extension model.
Timeline
Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC