Chrome Tries APIs That Allow Changing A User's Files, Receiving SMS Verification Texts (androidpolice.com) 68
"Web pages have never been able to directly access your computer's (or phone's) file system, unless there was a plugin like Java or ActiveX involved somewhere," reports Android Police.
The new Native File System API in Chrome 78 changes that... Here's how the API works: A web page can bring up a file picker dialog, just like you would see when clicking an Upload button on any web site. One file, a group of files, or an entire folder can be selected (it's up to the web page). The page can later save changes to those files, if it wants.
Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use. Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway), and right now the permission only stays granted until the site is closed.
I can't wait to see what gets done with this functionality. We could get online code editors that can actually work with several local files at once, or maybe Google Docs could edit Word files directly on your PC without uploading/converting them first.
The article also describes one possible application from Chrome's SMS Receiver API (currently in "Origin Trial" status): Many apps and services ask you to verify your phone number by sending a code via SMS. In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code. Google just added an API for Android apps that can automate this process, and now a similar feature is in the works for Chrome.
The new Native File System API in Chrome 78 changes that... Here's how the API works: A web page can bring up a file picker dialog, just like you would see when clicking an Upload button on any web site. One file, a group of files, or an entire folder can be selected (it's up to the web page). The page can later save changes to those files, if it wants.
Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use. Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway), and right now the permission only stays granted until the site is closed.
I can't wait to see what gets done with this functionality. We could get online code editors that can actually work with several local files at once, or maybe Google Docs could edit Word files directly on your PC without uploading/converting them first.
The article also describes one possible application from Chrome's SMS Receiver API (currently in "Origin Trial" status): Many apps and services ask you to verify your phone number by sending a code via SMS. In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code. Google just added an API for Android apps that can automate this process, and now a similar feature is in the works for Chrome.
This won't end well... (Score:5, Insightful)
API doesn't allow scanning (Score:2)
it allows them to scan the victim's file system to gather more marketable data.
The summary directly contradicts this "scan" claim:
It appears to be intended for two things:
Re: API doesn't allow scanning (Score:1)
"More memory efficient"... (Score:2)
And it is more memory efficient to not use a multi-gigabyte VM, you stupid git!
Compare this to Godot Enginey a full powerful game engine with a feature set bigger than browsers IMHO. How big is it? 30MB.
Only your assets (models, textures, maps, etc.) make it bigger. Because you are actually using them.
Nothing could EVER go WRONG, right??? (Score:1)
STUPIDITY on steroids!!!
Re: (Score:2)
Problem is Firefox has already been towing the party line, as it were, on Chrome changes. This will follow as webapps and people start using it and, foolishly, think it is a good thing. Firefox will have to implement it to keep their market share.
Re: (Score:1)
toeing the party line
Re: (Score:2)
Re: (Score:3)
I wear hearing aids. No need for the all caps.
Firefox is FORCED to. (Score:2)
Stupid web developers keep adding the funtionality, even when Firefox does not have it. Adding "Works best/only in IE6/Chrome.", instead of staying compatible and sane.
And that is *exactly* Google's goal: To kill competing browsers, with an insane pace of (pointless but used) new features.
You add the feature too, or you die.
Re:This won't end well... (Score:5, Insightful)
But I can see why google would want this - it allows them to scan the victim's file system to gather more marketable data.
If you have Chrome installed, it already has access to your file system and can scan anything it wants and report back to Google. So this would give file permissions to other parties which might not be a good idea but Chrome/Google already has full access to your file system like any other application that you install on your computer.
Re: (Score:2)
+1 OP didn't think it through.
Not quite the same (Score:2)
Its bad enough if the browser did report back to google on what you had on your computer, but thats the risk you take with using any program that has file system access. However when that program itself allows any old code from some random web site unrelated to the author of the program itself to access your computer thats a whole different ball game. The possible attack vectors have gone from 1 to N.
Re: (Score:2)
Google hasn't done it because part of the browser is open source and the other part can be examined if you are patient enough. Imagine burying a small bit of code somewhere in an area of obfuscated file that gets loaded by a piece of code that's loaded by another piece of code that's loaded by a webpage that does a brief look at your storage. But it only gets served to every 10,000th page hit. It would still catch a lot of data since there are so many hits but it wouldn't hit so often as to arouse suspicion
Re: (Score:2)
can i sandbox applications?
scratch that... can i allow a program to access only files i *explicitly* allow it to access?
Re: (Score:2)
Yes. And yes.
Or I mean, a person can. Can you? I don't know. Can I? Yes.
Re: This won't end well... (Score:1)
Re: (Score:2)
Indeed. Greed at work.
Re: (Score:2)
But I can see why google would want this - it allows them to scan the victim's file system to gather more marketable data.
Just wow.
To be "vulnerable" to features in Chrome, one must by necessity install Chrome.
Chrome being a native application with just as much access to your computer as any other executable you run from your account...
Your ability to fail at risk assessment at such a level is somewhat impressive, but none the less is still a failure.
If you are concerned about Google specifically having access to your system:
Why are you running Chrome?
If you aren't running Chrome, why are you concerned about the features of a
Skype and Twitch all but require Chrome (Score:2)
Why are you running Chrome?
It's the only web browser that works with Twitch or Skype. Chrome is the only web browser that runs run the Authy extension, and without Authy 2FA, you can't get your Twitch stream key. Skype outright blocks all browsers other than Chrome and Edge, and production use of Edge requires a $119.99 Windows license and enough RAM to run it in a VM. Chrome is also the preinstalled web browser on Android OS and the web browser that gets dynamically linked into all third-party Android apps that use the system web vi
Re: (Score:2)
So put that back into the context of the conversation.
You can't use twitch and skype without chrome, and the stated "problem" is they now CAN use twitch and skype when they don't want to use twitch and skype.
If your ultimate goal is to not be able to use skype, by installing chrome and skype you are inventing the very problem you are complaining about having.
Re: (Score:2)
There's a reason for why it has not been allowed
Is it because the thing web browser were originally designed to do is absolutely not in the slightest related to what we use the internet for today? Because it certainly looks that way.
I'm all for putting the breaks on any change to technology. If it was good enough for AOL keywords then it's good enough for the internet today! Slashdot, news for nerds who seemingly don't know that whole office suites execute in modern browsers.
Re: (Score:2)
Slashdot, news for nerds who seemingly don't know that whole office suites execute in modern browsers.
We know it. We just think that maybe office suites that runs in a browser do so pretty damn well already, and we don't need or want a browser that lets websites fuck with our files.
While there may be a tiny, specialized need for a website to mess with files on your machine, the vast majority of websites out there DO NOT NEED IT. The problem is that nothing is ever 100% secure. This WILL get exploited, and the only real way to prevent that is to not build it. It seems stupid to expose everyone who uses Chrom
Hippa is Rippa (Score:3)
Re: (Score:2)
Re: (Score:2)
Browsers have been hijacked a million times before, I don't think it's any less secure than the current system.
Re: (Score:1)
Does Spectre have access to the file system. (Score:2)
There are JS-based exploits, you know?
You may be running one right now, if you use Intel.
Re: (Score:2)
It's extremely predictable, and doesn't even require a security hole: "You want to see this website? you need to say 'yes' to allow filesystem access."
Kinda like how every trivial mobile app needs access to my camera, microphone, and storage for no operational reason. And if they do actually have secondary functions that make use of those permissions, they still refuse to operate in a reduced mode.
Or how websites require me to disable my ad-blocker, knowing that in this era that will likely open up users
Discount for allowing ads (Score:2)
Or how websites require me to disable my ad-blocker
Websites don't require you to allow third-party-hosted advertisements. They just offer a $60 discount off the $60 per year subscription for doing so.
Hate Hate Hate Hate Hate Hate (Score:1, Offtopic)
Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate some text to avoid the repetition filter preventing me from posting this because slashdot is afraid of beco
Re: (Score:2)
Only if the promise is legally binding, and includes the promise to pay you lawyers bills when you sue them to collect the fee they refuse to pay, even though legally required.
You mean like Gears? (Score:2)
"Web pages have never been able to directly access your computer's (or phone's) file system, unless there was a plugin like Java or ActiveX involved somewhere," reports Android Police.
Once upon a time, Google made a plugin called Gears [wikipedia.org] which provided for offline Javascript apps in your web browser, which could also access local files. They discontinued this in 2010 and added the offline app functionality to Chrome. Gears was able to access files on your filesystem; Chrome apps continue to be able to do so on ChromeOS. They announced their removal of that functionality from desktop Chrome in 2016.
This is an exceptionally bad idea (Score:5, Informative)
No matter how many security precautions are built in here, this can of worms is going to do massive damage to the users. And at least the security people working on Chrome must be well aware of that. Looks like greed has again won out over common sense.
Re: (Score:2)
Looks like greed has again won out over common sense.
You mean the common sense of running an office suite which you can't use to access files on your computer?
I think we've established long ago that you have completely lost touch with "common" usage of computers gweihir.
Re: (Score:2)
A web browser is not an office suite.
Re: (Score:2)
Other than a web browser, what can be used to build an office suite that works on Windows, macOS, X11/Linux, iOS, and Android?
Re: (Score:2)
Referring to yourself in the plural just makes you look even more demented.
SMS Verification (Score:2)
In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code.
That's sort of the point. It expects some human intervention outside of the app to 1) ensure that it's really a human authorizing this and 2) gets the user to stop and think about exactly what it is that they are authorizing.
Re: (Score:2)
In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code.
That's sort of the point. It expects some human intervention outside of the app to 1) ensure that it's really a human authorizing this and 2) gets the user to stop and think about exactly what it is that they are authorizing.
You are assuming that SMS verification is secure. That is not the case [vice.com].
Regardless, allowing arbitrary code running in the browser to reach out of the sandbox and manipulate the local file system is a terrible idea. Remember Microsoft's ActiveX [wikipedia.org]?
Forget the files... look at the SMS (Score:5, Informative)
That pop-under didnt just do it behind your back, right? Right?
Re: (Score:2)
Ever notice how no pop-under actually is actually used in the wild for anything that requires user interaction, like for instance these APIs?
Feel much better now (Score:2)
"Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use."
Oh, I feel much better now. We all know that security precautions are 100% secure in every other software to date.
I see why they're wanting this (Score:3)
As a user of their office products ( sheets, docs, ect.. ), I can see how this might be useful. Word and Excel is still king if you need to integrate with an external data source that's local to your network, a quite common business need I would imagine. This is the first step to granting these applications the kind of access they'd need to be viable replacements in the business world.
Re: (Score:2)
I can see what you're getting at, but there are many other barriers to businesses using Google office suite, such as the fact that they lack so many of the features of "real" office software.
Then again, many businesses are short-sighted, so maybe the Google rubbish with gain traction. I can see employers forcing workers to fill out a form to show why they need Word instead of Google docs.
The workplace of the future is going to suck.
Re: (Score:2)
It's not just Google's Office suite that would benefit from this. Forget filling out forms to get Word, Word Online already could use this feature and with sharepoint integration set as defaults also makes it the default editor within many organisations.
Mind you I'm sure my company would like nothing more than for me to stop saving files on my local device.
Re: (Score:2)
I can see what you're getting at, but there are many other barriers to businesses using Google office suite, such as the fact that they lack so many of the features of "real" office software.
To be fair, most offices use...what? A handful of functionality that the MS Office suite provides? Given how expensive it is, if I can get something that just covers the functionality I need at a dramatically reduced cost, why wouldn't you? Particularly if that solution still outputs files readable by other office suites?
I'm worried about the security implications of such a feature, and am confident it will be abused, but I do see what they're after.
By all means open the door ... (Score:3)
... what could possibly go wrong?
Chrome is doing this for its own benefit. What is that benefit?
To kill its competitors. Namely, Firefox. (Score:2)
That is the point of nearly all of their "innovation". And it worked well.
It is also why Mozilla adds that crap too.
Because the web developers keep using it, even when Firefox does not support it yet.
I'm trying to live in a post-web (and post-app) world, nowadays.
Websites just are appity app apps, and HTML5 is an OS. So let's run it in a normal VM or runtime (based on trust).
Re: (Score:2)
Trust is, by definition, a risk factor.
a disaster waiting to happen (Score:2)
it only takes one missing boundary check for hackers to be able to bypass the "only modify this file" feature. this is a disaster waiting to happen
HA! Zero day exploit: (Score:2)
Just flood the disk, growing the file until the system dies.
Or, make the OS grow the file before writing, and then read the data on disk at that location. (Yeah, no such thing as "deleting" files. The pointer is onl overwritten. All the data is still there, in the normal case, unless specifially overwritten.)
Better hope they add (layers of) quota, and wipe allocated storage areas before assignig them.
Frankly, I'd prefer if computers had a separare computer (blade) for each web process; with a very very narr
Focus steal... (Score:2)
Let's hope the OK button isn't default.
Re: (Score:2)
Exactly this! I don't know when this became the norm that apps can steal focus, but it needs to stop, especially if I'm in the middle of typing. Why can't Microsoft understand this issue?
Re: (Score:2)
This issue has been raised plenty of times, and they even responded with some long bullshit explanation of why this is a "hard" problem.
Who is A user? (Score:2)
Re: (Score:2)
Ah, you're talking about Z user.
Filesystem pages. (Score:2)
I can wait ... (Score:2)
I can't wait to see what gets done with this (Native File System API) functionality.
Set: "chrome://flags/#native-file-system-api " to "Disabled".
New policy (Score:2)
Sounds like I'll need to implement Firefox-only policy with my employees now.
Formerly it was only "don't ever use IE", but with this and ff's new popup disabling, I guess Firefox wins for now.
Universal user-friendly sandbox system needed (Score:1)
More IE (Score:2)
And this [SMS API thing] is not a [real] standard, and will likely be a Chrom*-only [de-facto] thing. And this will lead to certain web sites using it when other browsers won't work. Web developers will be too lazy or resource-depleted or arrogant to code work-arounds for this non-standard. Thus, welcome to the new IE.... another Chrom*-only website.... the march to a new monoculture, controlled by a single company, continues. Death by a thousand little cuts....
Non-savvy users (Score:2)