• Spendrill@lemm.ee
    link
    fedilink
    English
    arrow-up
    32
    ·
    7 months ago

    The threat applies to Google’s Chrome and Microsoft’s Edge browsers but not Apple’s Safari or Mozilla’s Firefox

    Oh dear. How sad. Never mind.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    11
    ·
    7 months ago

    Looks like it’s just:

    1. Page prompts user for write access to directory
    2. User grants access
    3. Shocked Pikachu when page overwrites files

    The proper fix here IMO is to not let the user grant write or read access to an entire directory, only the files the page needs. Ideally, the only way a page could get write access to a directory is if the page owns the directory (i.e. the browser creates it for them and the user copies files into it).

  • the_crotch@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    Users can send and receive email, listen to music or watch a movie within a browser with the click of a button.

    They could do that 20 years ago. Who wrote this garbage?