![spoofing downloaded filename’s extension in chromium](/assets/img/research-paper/preview/chromium-file-name-extension-spoofing.png)
Security Research
Spoofing Downloaded Filename’s Extension in Chromium
When there is insufficient data validation in File System API, it allows the attacker to bypass file system restrictions remotely in Windows OS using a crafted HTML page. An attacker can easily use this vulnerability to target a victim, because the script can be manipulated to execute another command that might be used in conjunction with another vulnerability, hence raising an even bigger security concern.
Key Pointers:
- Introduction to spoofing and how it works
- Understanding the filename extension spoofing in Chromium
- Understanding the vulnerability and its impact
- Setting up the lab environment to demonstrate the exploitation of Chromium vulnerability
- Mitigations to prevent such attacks
Brands that
trust our competence
Explore more![kfc logo](/assets/img/homee/customers/logos/kfc-logo.png)
![discover logo](/assets/img/homee/customers/logos/discover-financial-services.png)
![adp logo](/assets/img/homee/customers/logos/adp.png)
![adbed bath beyond logo](/assets/img/homee/customers/logos/bed-bath-and-beyond.png)
![expedia logo](/assets/img/homee/customers/logos/expedia.png)
![chipotle logo](/assets/img/homee/customers/logos/chipotle-mexican-grill-inc.png)
![molina](/assets/img/homee/customers/logos/molina.png)
![Mosaic Insurance logo](/assets/img/homee/customers/new-logos/mosaic-insurance.png)
![](/assets/img/homee/customers/logos/cedar-sinai.png)
![dell logo](/assets/img/homee/customers/logos/dell.png)
![fannie-mae logo](/assets/img/homee/customers/logos/fannie-mae.png)
![maersk logo](/assets/img/homee/customers/logos/maersk.png)
![gsk logo](/assets/img/homee/customers/new-logos/gsk.png)
![wiz logo](/assets/img/homee/customers/new-logos/wiz.png)
![bt logo](/assets/img/homee/customers/new-logos/bt.png)