spoofing downloaded filename’s extension in chromium
Security Research

Spoofing Downloaded Filename’s Extension in Chromium

When there is insufficient data validation in File System API, it allows the attacker to bypass file system restrictions remotely in Windows OS using a crafted HTML page. An attacker can easily use this vulnerability to target a victim, because the script can be manipulated to execute another command that might be used in conjunction with another vulnerability, hence raising an even bigger security concern.

Key Pointers:
  • Introduction to spoofing and how it works
  • Understanding the filename extension spoofing in Chromium
  • Understanding the vulnerability and its impact
  • Setting up the lab environment to demonstrate the exploitation of Chromium vulnerability
  • Mitigations to prevent such attacks

Brands that
trust our competence

Explore more
kfc logo
discover logo
adp logo
adbed bath beyond logo
expedia logo
chipotle logo
Mosaic Insurance logo
dell logo
fannie-mae logo
 maersk logo
 gsk logo
 wiz logo
 bt logo