Talk 13:00 - 13:45 August 08, 2020

Parsia Hakimian


Many modern desktop applications use a localhost server for IPC and seamless interaction with websites. These servers usually have no authentication. JavaScript running in browsers can connect to these servers. I will discuss a dozen publicly disclosed bugs where malicious websites can connect these servers and directly run code on the machines.