This link has been bookmarked by 22 people . It was first bookmarked on 28 Dec 2017, by Loughlin O'Nolan.
-
06 Jun 18
-
10 Jan 18tanuki_work
I'm not sure this is really a problem with browsers as much as it is the web sites themselves. If a web site lets a third-party load JavaScript in their own domain, then that JavaScript can pull the saved credentials from your browser's login manager without user interaction or knowledge. Chrome may require the user to click somewhere inside the page first in order to fill the password part, but that's not a big protection either. Some real-world sites do this though, they let third-party JS load.
-
03 Jan 18Graham Perrin
https://github.com/MrAlex94/Waterfox/issues/352
2017 2018 2018-01 2018-01-03 security privacy Mozilla Firefox Google Chrome Safari (web browser)
-
02 Jan 18
-
01 Jan 18
-
28 Dec 17Andy Kaplan-Myrth
No boundaries for user identities: Web trackers exploit browser login managers https://t.co/LEilI7vp8a
In the seco… https://t.co/SGXNGoxMgC -
Loughlin O'Nolan
We show how third-party scripts exploit browsers’ built-in login managers (also called password managers) to retrieve and exfiltrate user identifiers without user awareness. To the best of our knowledge, our research is the first to show that login …
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.