Open masood opened 10 months ago
Hi @masood
Interesting, to help us rate the issue could you explain an example where the user would be vulnerable without opening themselves up with the remote debugging?
Other than convincing a user with social engineering to open with remote debugging enabled via the CLI, which at that point you could have them run most anything through the CLI anyway, I'm unsure why a user would use remote debugging with this app.
Thanks & appreciate the report!
Summary:
The HTTPS Checker Desktop Application uses an old version of Electron.js, with insecure web preferences, and does not include checks on in-app navigation.
Platform(s) Affected:
MacOS, Windows, Linux
Steps To Reproduce:
--remote-debugging-port=8315
In your Chromium-based browser, navigate to localhost:8315 and interact with the application via the DevTools console.
require('child_process').execFile('/Applications/Emacs.app')
Observe that, if installed on the system, Emacs opens. Essentially, any malicious code that runs in the renderer process can compromise the user's underlying system.
Mir Masood Ali, PhD student, University of Illinois at Chicago
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
Chris Kanich, Associate Professor, University of Illinois at Chicago
Jason Polakis, Associate Professor, University of Illinois at Chicago
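The report's summary names two gaps: insecure web preferences and no checks on in-app navigation. The following is an added example, not code from the report or from the application, sketching one way a maintainer could check both. The names `REQUIRED_PREFS`, `auditWebPreferences`, `isAllowedNavigation` and the origin `https://app.example.test` are assumptions made for illustration.

```javascript
// Added example (not the project's code). All names and the origin are hypothetical.
// Settings every renderer window should carry. Values are required to be set
// explicitly because older Electron releases ship with weaker defaults.
const REQUIRED_PREFS = {
  nodeIntegration: false,  // renderer must not receive require()
  contextIsolation: true,  // preload and page run in separate JavaScript worlds
  sandbox: true,           // renderer runs inside the Chromium sandbox
  webSecurity: true,       // same-origin policy stays enabled
};

// Returns a list of findings for a BrowserWindow webPreferences object.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, want] of Object.entries(REQUIRED_PREFS)) {
    if (prefs[key] !== want) {
      findings.push(`${key} should be explicitly ${want}, found ${prefs[key]}`);
    }
  }
  return findings;
}

// Constructed allowlist: the only origin the window may navigate to.
const ALLOWED_ORIGINS = new Set(['https://app.example.test']);

// True only for https URLs whose exact origin is on the allowlist.
function isAllowedNavigation(target, allowed = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return false; // unparsable targets are refused
  }
  return url.protocol === 'https:' && allowed.has(url.origin);
}

// Wiring in the Electron main process (kept as comments so this file runs in plain Node):
//   win.webContents.on('will-navigate', (event, url) => {
//     if (!isAllowedNavigation(url)) event.preventDefault();
//   });
//   // Electron 12+; older releases use the 'new-window' event instead.
//   win.webContents.setWindowOpenHandler(() => ({ action: 'deny' }));

console.log(auditWebPreferences({ nodeIntegration: true }));
console.log(isAllowedNavigation('https://app.example.test.evil.example/'));
```

With `nodeIntegration` off and context isolation on, the `require('child_process')` call from the reproduction steps is not available to page script in the renderer.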