Tags:


The Same Origin Concern

This document focuses on the β€œsame origin concern”, describing the lack of control apps have over new realms that rise under their own origin, as well as its implications on their safety, how current efforts to address it fail and what browsers can do to help ship a secure and performant solution for the problem

Snow stops playing nice - security first at the cost of everything else

Today marks a big day in the life of Snow ❄️, where we come to the mature realization that in order for the project to stop chasing defensive security it has to take some bold steps at the cost of adoption and functional behaviour. Here, I attempt to lay out the process of trying, failing and learning the hard truth the hard way, and what should be our steps forward to find real security for same origin realms.

CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score

A stored XSS in Snyk Advisor (domain:snyk.io) allowed me to fabricate the health score granted for packages in my control, which I leveraged into making it seem as my "malicious" package is in fact healthy, popular and legitimate, which could have served an attacker to convince others to install an actual malicious npm package.

Integrating Snow ❄️ into MetaMask 🦊

Here's why our very own Snow JS, a browser security technology, should be integrated into the MetaMask browser extension. We explain the problem of supply chain attacks and how LavaMoat, a technology used by MetaMask, provides a layer of defense against such attacks. However, LavaMoat's protection is limited to the main realm, and Snow is proposed as a tool to extend this protection to all child realms. Snow aims to provide a second layer of security to enhance the app's defense against supply chain attacks.

What is a realm in JavaScript?

Realms are an old concept in the JavaScript ecosystem, but with the rise of supply chain types of attacks realms became a powerful tool for attackers to bypass well known browser runtime security tools. In order to address this concern, we first must understand - what is a realm in JavaScript?

Javascript Anti Debugging - Abusing Chromium Devtools Scope Pane

Abusing the Chromium Devtools Scope Pane can allow execution of Javascript by the devtools while the main thread is paused by the debugger. A walk through a very interesting discovery that JavaScript security researcher should very much be aware of.

My contribution attempt to the browser javascript supply chain attack problem

Today I share my "side project" for the past year, three browser javascript security libraries that aim to perform as tools for creating web apps that are more resilient to and limiting of unwanted code execution such as XSS and javascript supply chain attacks - This is my contribution attempt to the JavaScript security ecosystem!

CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms

This is the story of how I found and helped Google patch a vulnerability in Chrome browser that could have allowed attackers to fully bypass CSP rules since Chrome 73 (March 2019), and how researching it taught me that today's CSP mechanism design is the reason no one uses CSP correctly and therefore many of the biggest websites in the world are exposed to this vulnerability.

CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE

WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE! A super critical vulnerability discovery and breakdown to learn from and be aware of. Here's how it looks like when a highly used b2c product leaves so many users so vulnerable to a number of client side vulnerabilities.

Javascript Anti Debugging - Abusing SourceMappingURL

Abusing SourceMappingURL feature can allow attackers to create one of the strongest Cross Browsers Javascript Anti Debugging techniques that was ever seen. In this post I walk through the discovery and explain why this finding is so powerful and important to be aware of.