site banner

Small-Scale Question Sunday for October 30, 2022

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.

4
Jump in the discussion.

No email address required.

Not a real programmer but... Aren't your question parameters too wide? If someone has a perfect (presumably zero day) exploit then the link question is just how much can come over bandwidth before user wizens up, and with a modern connection, that's a lot. Granted the only huge hacking op involving zero day exploits I've ever read about was Stuxnet, and that was USB shenanigans not anything protected by https or modern browsers but still.

Aren't your question parameters too wide? If someone has a perfect (presumably zero day) exploit

I suppose so. If somehow Chrome granted a page access to the entire filesystem, obviously that would be very bad. But you're probably protected against such an exploit because come on, are you really going to be the first person they target with this attack? Although I retract this skepticism if you are actually a billionaire.

So okay, are they any known ways that a site could extract important private information about a user just by visiting a site (and, let's say, scrolling)?

If somehow Chrome granted a page access to the entire filesystem, obviously that would be very bad.

Spoof it as just another accept/reject cookies. Tech illiterate can't tell.

Gotta admit I'm not about to read all that API documentation for window.showOpenFilePicker() but it looks like the user has to have a lot more specific interaction, i.e. choosing files on local disk, in order for the site to have access. So you wouldn't be able to get access just using some generic popup.