search

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.55k stars 2.27k forks source link

Relative path vulnerability in Linux desktop integration tools #12019

Open fmarier opened 3 years ago

fmarier commented 3 years ago

Original report: https://hackerone.com/reports/837706 Upstream bug (wontfix): https://bugs.chromium.org/p/chromium/issues/detail?id=1067872

Proposed fix is to check that the binary is either:

before executing it.

fmarier commented 3 years ago

I put together a concrete proposal for upstream: https://bugs.chromium.org/p/chromium/issues/detail?id=1067872#c11