by pfg
3159 days ago
The lack of code signing in web apps and the added attack surface of having your web and application server (which are in control of the code that users run) exposed to the internet matter a lot in this context. Attacks on build systems of native applications aren't unheard of (CCleaner, that Ukrainian tax software, etc.), but it's far more involved and more likely to be detected, whereas web app backdoors can easily be delivered exclusively to the target and only for as long as needed to pull off the attack.

The main blocker is https://github.com/w3c/ServiceWorker/issues/1208 (which would fix the non-critical but less-than-ideal issue described under "Service Worker lifecycle" in the blog post).