Prototype pollution bug in Chromium bypassed Sanitizer API


An attack-bypassing Sanitizer API, a built-in browser library for eliminating potentially harmful code from user-controlled input sources, was made possible by a prototype pollution problem in the Chromium project.

A specific kind of JavaScript flaw known as prototype pollution enables attackers to manipulate an application’s behaviour and hack it in a number of different ways. The flaw, which was discovered by security researcher Micha Bentkowski, emphasises the difficulties in guarding against client-side prototype pollution attacks. Read More…