Posted by Gynvael Coldwind on Oct 15
Vendor Response Pattern
Hi Christopher,
Vendor is correct with this one. The problem isn’t the vendor’s site – it’s
that the browser is already pwned with the malicious browser extension
(this is site-agnostic).
You’ve mentioned “No user interaction required beyond normal application
usage.”, but having “Malicious browser extension” installed is anything but
normal application usage.
This is not a…
– Read More – Full Disclosure
