You must log in or # to comment.
The threat applies to Google’s Chrome and Microsoft’s Edge browsers but not Apple’s Safari or Mozilla’s Firefox
Oh dear. How sad. Never mind.
Looks like it’s just:
- Page prompts user for write access to directory
- User grants access
- …
- Shocked Pikachu when page overwrites files
The proper fix here IMO is to not let the user grant write or read access to an entire directory, only the files the page needs. Ideally, the only way a page could get write access to a directory is if the page owns the directory (i.e. the browser creates it for them and the user copies files into it).
Users can send and receive email, listen to music or watch a movie within a browser with the click of a button.
They could do that 20 years ago. Who wrote this garbage?