The Brisqi Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Brisqi needs to update the underlying Electron version.
Platform(s) Affected:
macOS, Windows, Linux
Steps To Reproduce:
Open the Brisqi Desktop Application from the command line, adding the command-line switch --remote-debugging-port=8315 when launching it.
Open a web browser on the same device and visit localhost:8315. The application can be interacted with via the DevTools protocol.
[Open an executable file] Within the console, execute window.electron.openMarkdownLink('file:///Applications/Emacs.app') and observe that, if installed on the system, the Emacs app opens. Alternatively, one can try this for Safari by using window.electron.openMarkdownLink('file:///Applications/Safari.app'). Essentially, any malicious code that runs in the renderer process can compromise the user's underlying system.
Finally, the current version of Brisqi depends on Electron v16, which is affected by numerous CVEs. [Example]
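One way to close the unsanitized-URL issue described above is a scheme allowlist enforced in the main process before a link reaches the operating system. This is an added example, not Brisqi's code: the names validateExternalUrl and openMarkdownLinkSafely are hypothetical, and it assumes the link is ultimately handed to Electron's shell.openExternal, which is passed in as `opener` so the check runs without Electron.

```javascript
// Added example (not Brisqi's code): validate a renderer-supplied link in the
// main process before it is passed to the OS. The renderer is treated as untrusted.
const ALLOWED_PROTOCOLS = new Set(['https:', 'http:', 'mailto:']);

function validateExternalUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) {
    return { ok: false, reason: 'not a string or too long' };
  }
  let url;
  try {
    // The WHATWG parser lowercases the scheme, so FILE:// and file:// compare equal.
    url = new URL(raw.trim());
  } catch {
    return { ok: false, reason: 'unparseable or relative URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    // Rejects file:, javascript:, and any custom protocol handler.
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'embedded credentials' };
  }
  return { ok: true, href: url.href };
}

// `opener` is assumed to be shell.openExternal in a real Electron main process.
async function openMarkdownLinkSafely(raw, opener) {
  const verdict = validateExternalUrl(raw);
  if (!verdict.ok) return verdict; // nothing reaches the OS
  await opener(verdict.href);      // pass the normalized URL, not the raw string
  return verdict;
}
```

The check belongs in the main-process handler rather than in the preload or renderer, since code running in the renderer can call the exposed function directly.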
Credit Information
Mir Masood Ali, PhD student, University of Illinois at Chicago
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
Chris Kanich, Associate Professor, University of Illinois at Chicago
Jason Polakis, Associate Professor, University of Illinois at Chicago