Cross-origin/same-site request forgery to RCE in chromedriver

computer security web vulnerability webdriver csrf

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not cross-site. In practice, it means it is really only possible to trigger this from another localhost-bound web application.

Read more…

Page 1 of 3 | | Next page | JSON Feed | Atom Feed