Browser Feature
Overview of the Vulnerability
Browsers implement both online and offline features to enhance the user experience of the browser and of applications. For example, a browser can offer offline features such as caching and notifications, as well as offloading computation for applications such as Progressive Web Applications (PWAs). Occasionally, these browser features can cause security issues depending on their implementation. A local attacker can take advantage of the browser feature to impersonate a user and make requests on their behalf.
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact on customers’ trust.
Steps to Reproduce
Use a browser to navigate to: {{URL}}
Use {{software}} to profile the browser feature that is showing sensitive user information
Proof of Concept (PoC)
The screenshots below demonstrate the misconfigured browser feature:
{{screenshot}}
Recommendation(s)
It is recommended to limit the browser feature’s use for sensitive forms and fields.
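One way to check that the recommendation has been applied, as an added example that is not part of the original template: the function below audits a single response for sensitive fields served without `Cache-Control: no-store` or with autofill left on. The field-name pattern, the function names and the sample response are assumptions made for illustration.

```javascript
// Added example: flags caching and autofill left enabled on sensitive fields.
// ASSUMPTION: sensitive fields are type="password" or match this name pattern.
const SENSITIVE_NAME = /pass|card|cvv|ssn|otp|secret/i;

// Parse one <input ...> tag into a map of lowercase attribute names to values.
function parseInputAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input/i, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").trim();
  }
  return attrs;
}

// Return the attribute maps of the sensitive <input> elements in an HTML string.
function sensitiveInputs(html) {
  const tags = html.match(/<input\b[^>]*>/gi) || [];
  return tags.map(parseInputAttrs).filter((a) =>
    (a.type || "").toLowerCase() === "password" ||
    SENSITIVE_NAME.test(a.name || "") || SENSITIVE_NAME.test(a.id || ""));
}

// headers: plain object of response headers; html: response body as a string.
function auditResponse(headers, html) {
  const findings = [];
  const fields = sensitiveInputs(html);
  if (fields.length === 0) return findings; // nothing sensitive on this page
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const directives = (h["cache-control"] || "").toLowerCase().split(",").map((d) => d.trim());
  if (!directives.includes("no-store")) {
    findings.push({ issue: "cacheable-sensitive-page", field: null });
  }
  for (const f of fields) {
    if ((f.autocomplete || "").toLowerCase() !== "off") {
      findings.push({ issue: "autofill-enabled", field: f.name || f.id || "(unnamed)" });
    }
  }
  return findings;
}

// Constructed sample response (not from the page).
const SAMPLE_HEADERS = { "Cache-Control": "private, max-age=600" };
const SAMPLE_HTML = `<form><input type="text" name="email">
<input type="password" name="password">
<input name="card_number" autocomplete="off"></form>`;
console.log(auditResponse(SAMPLE_HEADERS, SAMPLE_HTML));
```

Browsers with a built-in password manager may ignore `autocomplete="off"` on login fields, so the header check still matters when every field passes.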