|
|
|
|
|
|
by cucumber3732842
4 hours ago
|
|
|
> It would also allow an adversary to target you specifically with an exploit, but obviously this is not in most peoples threat model. I saw that at the organizational level back in like 2015. Unless you were running the exact browser/os/extension combo that the organization they were targeting (multinational defense contractor in this case, i.e. a target worth the effort) was running on the corporate workstations the JS wouldn't run. And even if you forced it to the payload endpoint wouldn't like it. |
|
|