Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can't protect the users this way: the attacker will create a custom Chromium build and lure the user to download and execute it. At that point the user will be pawned either way.


That's a ridiculous argument. If the attacker could do that why would they even bother with XSS attacks based on developer tools?


The argument would be that the custom build of Chrome (or other malicious software) is harder to create, but not so much harder so as to be not worth doing for the attacker.


If you're getting a user to download and execute a piece of software, why bother going beyond that?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: