Overview
Explore the security vulnerabilities of the File System Access API in this 27-minute Black Hat conference talk. Discover how a malicious website can exploit this newly deployed browser feature to gain arbitrary code execution and bypass security measures. Learn about the potential risks associated with the API's ability to read, write, and edit files on user devices. Gain insights into how attackers can circumvent operating system scans, security product checks, and even manual inspections to inject malicious code. Presented by Matthew Weeks, this talk delves into the shortcomings of the API's security features and highlights the importance of understanding its implications for web security.
Syllabus
Internal Affairs: Hacking File System Access from the Web
Taught by
Black Hat