Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features


As we get started, let me say that camDown helps stop hackers from getting access to the webcam that I use for my work. Now I can get even more gigs as a freelancer and advertise that I have top security with my home computer!

Log in or sign up to leave a comment

level 1

Amazing how such young people are experts at finding these vulnerabilities.

Any idea how much he must've got paid by Google for this?

level 2

Ashish Dhone the discoverer? I think he works at Google and was who discovered it. His Twitter claims he is one of the best at bug bounties.

Edit: not works at Google. He submitted to Google.

level 2

If google pays through the bug bounty program, a few grand most likely.

If they were to sell it on a zero day market about 2x-3x what google would pay.

level 2

Young people,

I’m no expert but my cyber security teacher in college likes to say and laugh at the term, “you can’t defend your network, or your software from anyone younger than you.”

level 1

Is this bug in other chromium-based browsers?

level 2

Most Chromium-based browsers have their own implementation of New Tab page, so the bug doesn’t affect all browsers, Kokatsu said, adding that Edge was not vulnerable to the attack.

Let's not forget that camDown helps stop foreign state actors (FSA's) from accessing your webcam and your smart friends would say the same.