undefined | Better HN

story

0 pointstedunangst8y ago0 comments

Assuming the sandbox works. If the sandbox is porous, the attack surface balloons from apps I choose to install to every link I click.

0 comments

Ajedi328y ago

Not every link you click. Only sites that you grant access to the necessary attack surface. The Web USB API can't be attacked by sites that you haven't granted access to it.

codedokode8y ago

What if that privileged website has XSS vulnerability?

Ajedi328y ago

Then the attacker gets access to that USB device. (And only that USB device.)

What if your unsandboxed native USB utility has an RCE vulnerability?

j / k navigate · click thread line to collapse

0 comments

Ajedi328y ago

Not every link you click. Only sites that you grant access to the necessary attack surface. The Web USB API can't be attacked by sites that you haven't granted access to it.

codedokode8y ago

What if that privileged website has XSS vulnerability?

Ajedi328y ago

Then the attacker gets access to that USB device. (And only that USB device.)

What if your unsandboxed native USB utility has an RCE vulnerability?

j / k navigate · click thread line to collapse