JVNDB-2023-027250

Vulnerability from jvndb - Published: 2024-09-11 18:19 - Updated:2024-09-11 18:19
Summary
Security Problem in Web Browser Permission Mechanism
Details
A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems (both mobile and desktop OS) and 22 major browsers running on each OS. The results show that they have multiple problems including lack of consistency in implementations of permission mechanisms and flaws that can result in privacy risks. These problems can cause browser users to make bad decisions and create security threats. The below contents are presented by the research team at NDSS 2023. Please refer to JVNTA#96606604 for more details. This document was written by Kazuki Nomoto (Waseda University), Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Social Informatics Laboratories), and JPCERT/CC to alert browser vendors and users.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-027250.html",
  "dc:date": "2024-09-11T18:19+09:00",
  "dcterms:issued": "2024-09-11T18:19+09:00",
  "dcterms:modified": "2024-09-11T18:19+09:00",
  "description": "A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems (both mobile and desktop OS) and 22 major browsers running on each OS. The results show that they have multiple problems including lack of consistency in implementations of permission mechanisms and flaws that can result in privacy risks. These problems can cause browser users to make bad decisions and create security threats. The below contents are presented by the research team at \u003ca href=\"https://www.ndss-symposium.org/ndss-paper/browser-permission-mechanisms-demystified/\"target=\"blank\"\u003eNDSS 2023\u003c/a\u003e.\r\n\r\nPlease refer to \u003ca href=\"https://jvn.jp/en/ta/JVNTA96606604/index.html\"\u003eJVNTA#96606604\u003c/a\u003e for more details.\r\n\r\nThis document was written by Kazuki Nomoto (Waseda University), Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Social Informatics Laboratories), and JPCERT/CC to alert browser vendors and users.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-027250.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:multiple_vendors",
    "@product": "(Multiple Products)",
    "@vendor": "(Multiple Venders)",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2023-027250",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/ta/JVNTA96606604/index.html",
      "@id": "JVNTA#96606604",
      "@source": "JVN"
    },
    {
      "#text": "https://www.ndss-symposium.org/ndss-paper/browser-permission-mechanisms-demystified/",
      "@id": "Browser Permission Mechanisms Demystified - NDSS Symposium 2023",
      "@source": "Related document"
    }
  ],
  "title": "Security Problem in Web Browser Permission Mechanism"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.