Re: [w3c/clipboard-apis] clarify the issue prompting the suggestion of transcoding images? (#139) from Darwin Huang on 2021-03-29 (public-webapps-github@w3.org from March 2021)

From: Darwin Huang <notifications@github.com>
Date: Mon, 29 Mar 2021 13:03:11 -0700
To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/clipboard-apis/issues/139/809673670@github.com>

I think the envisioned attack would be that of sites trying to write malicious images with known decoder (ex. libpng, etc) vulnerabilities, with the goal of attacking out-of-date decoders in installed native applications that try to read these images (when the user pastes them into those apps). 

Browser implementations transcoding with a safe, up-to-date version of relevant image encoders ensures that native applications cannot be attacked by malicious images from the web.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/139#issuecomment-809673670

Received on Monday, 29 March 2021 20:03:23 UTC