Google engineers plot to mitigate prototype pollution


Google’s software developers have proposed a plan to combat prototype pollution, a kind of vulnerability that has become a major problem for online security. A weakness in the JavaScript programming language called prototype pollution enables attackers to change things that they don’t own or have access to in real time. The issue is that there isn’t a distinct line separating items from their blueprints. A technical working body called TC39 has been asked to approve the Google-backed proposal, which tries to draw a line between JavaScript objects and blueprints. “Removing the paths that allow attackers to go from items to blueprints” is how the technique operates.

Read More…