Y
Hacker News
new
|
ask
|
show
|
jobs
by
Ajedi32
3030 days ago
Not every link you click. Only sites that you grant access to the necessary attack surface. The Web USB API can't be attacked by sites that you haven't granted access to it.
1 comments
codedokode
3030 days ago
What if that privileged website has XSS vulnerability?
link
Ajedi32
3024 days ago
Then the attacker gets access to that USB device. (And only that USB device.)
What if your unsandboxed native USB utility has an RCE vulnerability?
link