jvndb-2023-027250
Vulnerability from jvndb
Published
2024-09-11 18:19
Modified
2024-09-11 18:19
Summary
Security Problem in Web Browser Permission Mechanism
Details
A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems (both mobile and desktop OS) and 22 major browsers running on each OS. The results show that they have multiple problems including lack of consistency in implementations of permission mechanisms and flaws that can result in privacy risks. These problems can cause browser users to make bad decisions and create security threats. The below contents are presented by the research team at <a href="https://www.ndss-symposium.org/ndss-paper/browser-permission-mechanisms-demystified/"target="blank">NDSS 2023</a>.
Please refer to <a href="https://jvn.jp/en/ta/JVNTA96606604/index.html">JVNTA#96606604</a> for more details.
This document was written by Kazuki Nomoto (Waseda University), Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Social Informatics Laboratories), and JPCERT/CC to alert browser vendors and users.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| (Multiple Venders) | (Multiple Products) |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-027250.html",
"dc:date": "2024-09-11T18:19+09:00",
"dcterms:issued": "2024-09-11T18:19+09:00",
"dcterms:modified": "2024-09-11T18:19+09:00",
"description": "A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems (both mobile and desktop OS) and 22 major browsers running on each OS. The results show that they have multiple problems including lack of consistency in implementations of permission mechanisms and flaws that can result in privacy risks. These problems can cause browser users to make bad decisions and create security threats. The below contents are presented by the research team at \u003ca href=\"https://www.ndss-symposium.org/ndss-paper/browser-permission-mechanisms-demystified/\"target=\"blank\"\u003eNDSS 2023\u003c/a\u003e.\r\n\r\nPlease refer to \u003ca href=\"https://jvn.jp/en/ta/JVNTA96606604/index.html\"\u003eJVNTA#96606604\u003c/a\u003e for more details.\r\n\r\nThis document was written by Kazuki Nomoto (Waseda University), Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Social Informatics Laboratories), and JPCERT/CC to alert browser vendors and users.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-027250.html",
"sec:cpe": {
"#text": "cpe:/a:misc:multiple_vendors",
"@product": "(Multiple Products)",
"@vendor": "(Multiple Venders)",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2023-027250",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA96606604/index.html",
"@id": "JVNTA#96606604",
"@source": "JVN"
},
{
"#text": "https://www.ndss-symposium.org/ndss-paper/browser-permission-mechanisms-demystified/",
"@id": "Browser Permission Mechanisms Demystified - NDSS Symposium 2023",
"@source": "Related document"
}
],
"title": "Security Problem in Web Browser Permission Mechanism"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.