Announcement

Collapse
No announcement yet.

Chrome 61 Beta Rolls Out With JavaScript Modules, WebUSB Support

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    At least once a week I get a security announcement with 50+ serious issues in Chromium forcing me to recompile the damn thing over and over again (Gentoo). The last thing I need is yet bigger attack surface! Get rid of all that crap and make a browser that displays web pages in a secure fashion instead!

    Comment


    • #22
      Originally posted by debianxfce View Post

      The list of Linux malware is short and "few if any are in the wild, and most have been rendered obsolete by Linux updates or were never a threat."
      https://en.wikipedia.org/wiki/Linux_malware
      Yes, but this WebUSB support is for Chrome which runs on more than just Linux. This might be very bad for Windows and macOS users running Chrome.

      Comment


      • #23
        The Web Share API is very useful. For instance, if your Google Chromium detects that you are a communist, it shares automatically with your government or relevant political/security services.

        Comment


        • #24
          Originally posted by grok View Post
          The Web Share API is very useful. For instance, if your Google Chromium detects that you are a communist, it shares automatically with your government or relevant political/security services.
          ├Łou are a communist, I'm sending this forum thread to NSA and DARPA...

          Comment


          • #25
            Originally posted by uid313 View Post
            This WebUSB thing sounds pretty scary. Imaging malware spreading on some advertising network or CDN, and it uses WebUSB to infect millions of USB devices.
            Writes malware to USB storage devices, and rewrites firmware on webcam, keyboard, mouse, printers, scanners, etc.
            Uhm, can you please state where in the API it shows that random websites can reflash a USB device firmware?

            Comment


            • #26
              Originally posted by schmidtbag View Post
              Do you know for a fact WebGL can access system memory or are you just assuming that? I get the impression it is a layer abstracted from direct OpenGL, which ought to prevent low-level hardware access.
              You can abstract it all you want, the whole point is that with WebGL you can send code to be run on GPU, and GPU has DMA (and even if it does not or there is IOMMU the GPU knows what you have on screen anyway).
              https://www.contextis.com/resources/...-exploitation/
              https://www.contextis.com/resources/...ecurity-flaws/

              USB devices are just as dangerous. Think keyloggers, webcams, flash drives, etc.
              Unless the USB device itself exposes WebUSB functionality, then it won't be exposed through WebUSB.
              https://wicg.github.io/webusb/#webus...ity-descriptor

              Comment


              • #27
                Originally posted by carewolf View Post
                It requires your USB devices to all be net-safe. Originally WebGL had security holes as well until the drivers and in some cases the GPUs were fixed to not be vulnerable.
                The USB device itself must advertise that it wants to use this functionality, it's not just flat enabled for all https://wicg.github.io/webusb/#webus...ity-descriptor

                Comment


                • #28
                  Originally posted by grok View Post
                  The Web Share API is very useful. For instance, if your Google Chromium detects that you are a communist, it shares automatically with your government or relevant political/security services.
                  Having access to USB devices isn't necessary to track down your internet usage and read your mail or steal your passwords. Have a good day citizen.

                  Comment


                  • #29
                    Originally posted by starshipeleven View Post
                    The USB device itself must advertise that it wants to use this functionality, it's not just flat enabled for all https://wicg.github.io/webusb/#webus...ity-descriptor
                    Neat. That also make a lot less useful though. and there are still many ways it can go wrong.

                    Comment


                    • #30
                      Originally posted by starshipeleven View Post
                      Uhm, can you please state where in the API it shows that random websites can reflash a USB device firmware?
                      It doesn't and it shouldn't.
                      But everything doesn't always go as planned. There are security vulnerabilities that can be exploited and unintentional things can occur.

                      Comment

                      Working...
                      X