Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk


Information has been available on a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if abused, might have allowed for the theft of files holding sensitive data.

According to Imperva researcher Ron Masas, “The problem stemmed from the way the browser dealt with symlinks when processing files and directories.” The theft of sensitive files was made possible because the browser, specifically, “did not correctly check if the symlink was leading to a location that was not intended to be accessible.”

Read More…