Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)

Due to a lack of proper origin checks in the message passing from regular web pages, any arbitrary web page is able to call privileged background page APIs for the Read&Write Chrome extension (vulnerable version 1.8.0.139). Many of these APIs allow for dangerous actions which are not meant to be callable by arbitrary web pages on the internet. For example, the background API call with a method name of “thGetVoices” allows for providing an arbitrary URL, which will be retrieved by the extension and the response returned via “postMessage”. By abusing this call an attacker can hijack the extension to read data from other websites using the victim’s authenticated sessions. As a proof of concept, I’ve created an exploit which, upon being viewed with the Read&Write extension installed, will steal and display all of the user’s emails. This is of course not a vulnerability in Gmail, but is an example of the exploitation that can occur using this vulnerability. See the video proof-of-concept below for a demonstration of the issue.

Texthelp, the company who created the extension, patched quickly and released a fix the next business day (nice work!). For this reason the latest version of the extension is no longer vulnerable to this issue. They also showed real interest and care about remediating further issues in the extension and stated they’d be further hardening the codebase.

The Read&Write Chrome extension makes use of the Content Script “inject.js” to inject a custom toolbar into various online document pages such as Google Docs. This Content Script is injected into all HTTP and HTTPS origins by default. This is demonstrated by the following excerpt from the extension’s manifest. Inside of the “inject.js” file there is an event listener for any messages sent via postMessage by a web page which the Content Script is injected into:

window.addEventListener("message", this.onMessage)

This calls the “this.onMessage” function upon any postMessage being sent to the web page’s window. The following is the code for this function:

function onMessage() ) : (event.

Outside of all of the extension features, annotating screenshots can be done with the extension’s built-in annotation tools: notes, highlighting, arrows, text boxes, cropping, circles and arrows. It’s a huge timesaver that coincides with qSnap saving your snapped images to a “holding” tray for up to 30 days so you can quickly refer back to any screenshot. If you want to make any changes, you can click the paintbrush icon in the top right to adjust font size, text color, background color, and more. Simply click on the extension and the webpage automatically gets cleaned up. The most notable aspect is that it can take your annotated screenshots from a single site and combine them into a single document. Chrome Web Store link Just Read is probably the closest match to Readability that I have found so far. Millions trust Grammarly's AI writing assistance to communicate with confidence and make writing faster and more delightful. While it’s easy to think every screenshot extension is the same, qSnap differentiates itself with a free price point even with all of its “premium” features. Perhaps the biggest benefit of using Nimbus is that you can record your screen to capture video and then annotate the video with its selection of shapes, arrows and rectangles. If you want to save your annotations to a PDF so you can easily reference your notations at any point, that’s possible as well. You can upload your screenshot to Google Drive or Dropbox (premium edition), add a watermark (premium edition) or save it to Google Classroom.