Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
TazeTSchnitzel
on Dec 5, 2018
|
parent
|
context
|
favorite
| on:
Chrome: trick users into giving access to all file...
I'm confused what happens here. Sure, you are tricked into pressing Return in a file open dialog. But you can't open the “file” `C:\`… right? Does that somehow let the page access files on the disk?
andrewguenther
on Dec 5, 2018
[–]
The file dialog allows opening of folders as well, so the exploit is basically tricking the user into saying "I want to upload the folder C:\"
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: