Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Google

Chrome Tries APIs That Allow Changing A User's Files, Receiving SMS Verification Texts (androidpolice.com) 68

"Web pages have never been able to directly access your computer's (or phone's) file system, unless there was a plugin like Java or ActiveX involved somewhere," reports Android Police.

The new Native File System API in Chrome 78 changes that... Here's how the API works: A web page can bring up a file picker dialog, just like you would see when clicking an Upload button on any web site. One file, a group of files, or an entire folder can be selected (it's up to the web page). The page can later save changes to those files, if it wants.

Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use. Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway), and right now the permission only stays granted until the site is closed.

I can't wait to see what gets done with this functionality. We could get online code editors that can actually work with several local files at once, or maybe Google Docs could edit Word files directly on your PC without uploading/converting them first.

The article also describes one possible application from Chrome's SMS Receiver API (currently in "Origin Trial" status): Many apps and services ask you to verify your phone number by sending a code via SMS. In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code. Google just added an API for Android apps that can automate this process, and now a similar feature is in the works for Chrome.
This discussion has been archived. No new comments can be posted.

Chrome Tries APIs That Allow Changing A User's Files, Receiving SMS Verification Texts

Comments Filter:
  • by QuietLagoon ( 813062 ) on Sunday November 03, 2019 @09:38AM (#59374890)
    }--- Web pages have never been able to directly access your computer's (or phone's) file system ---{ ... There's a reason for why it has not been allowed. But I can see why google would want this - it allows them to scan the victim's file system to gather more marketable data.
    • it allows them to scan the victim's file system to gather more marketable data.

      The summary directly contradicts this "scan" claim:

      Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway)

      It appears to be intended for two things:

      "Save" command
      The user opens a local file for editing in a web application and then saves changes to that local file without having to fish through the ~/Downloads folder every time.
      "Download All File
      • You seem to be confused about the difference between "supposed to" and "can." The point here is that regardless of what a web page is "supposed to" be able to see is quite likely, at some point, to differ from what it "can" see.
      • And it is more memory efficient to not use a multi-gigabyte VM, you stupid git!

        Compare this to Godot Enginey a full powerful game engine with a feature set bigger than browsers IMHO. How big is it? 30MB.
        Only your assets (models, textures, maps, etc.) make it bigger. Because you are actually using them.

    • Never liked Chrome, and now I will NEVER use it! Hopefully Firefox will NEVER go this same route!!!

      STUPIDITY on steroids!!!
      • Problem is Firefox has already been towing the party line, as it were, on Chrome changes. This will follow as webapps and people start using it and, foolishly, think it is a good thing. Firefox will have to implement it to keep their market share.

      • I wear hearing aids. No need for the all caps.

      • Stupid web developers keep adding the funtionality, even when Firefox does not have it. Adding "Works best/only in IE6/Chrome.", instead of staying compatible and sane.

        And that is *exactly* Google's goal: To kill competing browsers, with an insane pace of (pointless but used) new features.

        You add the feature too, or you die.

    • by That Ordinary Guy ( 6159720 ) on Sunday November 03, 2019 @10:05AM (#59374968)

      But I can see why google would want this - it allows them to scan the victim's file system to gather more marketable data.

      If you have Chrome installed, it already has access to your file system and can scan anything it wants and report back to Google. So this would give file permissions to other parties which might not be a good idea but Chrome/Google already has full access to your file system like any other application that you install on your computer.

      • +1 OP didn't think it through.

      • Its bad enough if the browser did report back to google on what you had on your computer, but thats the risk you take with using any program that has file system access. However when that program itself allows any old code from some random web site unrelated to the author of the program itself to access your computer thats a whole different ball game. The possible attack vectors have gone from 1 to N.

      • Google hasn't done it because part of the browser is open source and the other part can be examined if you are patient enough. Imagine burying a small bit of code somewhere in an area of obfuscated file that gets loaded by a piece of code that's loaded by another piece of code that's loaded by a webpage that does a brief look at your storage. But it only gets served to every 10,000th page hit. It would still catch a lot of data since there are so many hits but it wouldn't hit so often as to arouse suspicion

      • by gTsiros ( 205624 )

        can i sandbox applications?

        scratch that... can i allow a program to access only files i *explicitly* allow it to access?

      • Chrome will have access to the user ID files that it runs as. Anything more is due to a mistake in the setup of the system. In case Chrome uses some bug to escalate its privileges, it should get flagged as pure malware...
    • by gweihir ( 88907 )

      Indeed. Greed at work.

    • by dissy ( 172727 )

      But I can see why google would want this - it allows them to scan the victim's file system to gather more marketable data.

      Just wow.

      To be "vulnerable" to features in Chrome, one must by necessity install Chrome.
      Chrome being a native application with just as much access to your computer as any other executable you run from your account...

      Your ability to fail at risk assessment at such a level is somewhat impressive, but none the less is still a failure.

      If you are concerned about Google specifically having access to your system:
      Why are you running Chrome?
      If you aren't running Chrome, why are you concerned about the features of a

      • Why are you running Chrome?

        It's the only web browser that works with Twitch or Skype. Chrome is the only web browser that runs run the Authy extension, and without Authy 2FA, you can't get your Twitch stream key. Skype outright blocks all browsers other than Chrome and Edge, and production use of Edge requires a $119.99 Windows license and enough RAM to run it in a VM. Chrome is also the preinstalled web browser on Android OS and the web browser that gets dynamically linked into all third-party Android apps that use the system web vi

        • by dissy ( 172727 )

          So put that back into the context of the conversation.

          You can't use twitch and skype without chrome, and the stated "problem" is they now CAN use twitch and skype when they don't want to use twitch and skype.

          If your ultimate goal is to not be able to use skype, by installing chrome and skype you are inventing the very problem you are complaining about having.

    • There's a reason for why it has not been allowed

      Is it because the thing web browser were originally designed to do is absolutely not in the slightest related to what we use the internet for today? Because it certainly looks that way.

      I'm all for putting the breaks on any change to technology. If it was good enough for AOL keywords then it's good enough for the internet today! Slashdot, news for nerds who seemingly don't know that whole office suites execute in modern browsers.

      • Slashdot, news for nerds who seemingly don't know that whole office suites execute in modern browsers.

        We know it. We just think that maybe office suites that runs in a browser do so pretty damn well already, and we don't need or want a browser that lets websites fuck with our files.

        While there may be a tiny, specialized need for a website to mess with files on your machine, the vast majority of websites out there DO NOT NEED IT. The problem is that nothing is ever 100% secure. This WILL get exploited, and the only real way to prevent that is to not build it. It seems stupid to expose everyone who uses Chrom

  • by AndyKron ( 937105 ) on Sunday November 03, 2019 @09:52AM (#59374938)
    "...there are a lot of security precautions built into this already". You mean like all the healthcare sites that get hacked?
    • This is exactly how I feel. No matter how much security Google tries to bake into this feature, someone, somewhere is going to figure out a way to take advantage of users. It’s human nature. This is, and always has been a bad idea.
      • Browsers have been hijacked a million times before, I don't think it's any less secure than the current system.

      • by Euler ( 31942 )

        It's extremely predictable, and doesn't even require a security hole: "You want to see this website? you need to say 'yes' to allow filesystem access."

        Kinda like how every trivial mobile app needs access to my camera, microphone, and storage for no operational reason. And if they do actually have secondary functions that make use of those permissions, they still refuse to operate in a reduced mode.

        Or how websites require me to disable my ad-blocker, knowing that in this era that will likely open up users

        • Or how websites require me to disable my ad-blocker

          Websites don't require you to allow third-party-hosted advertisements. They just offer a $60 discount off the $60 per year subscription for doing so.

  • Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate Hate some text to avoid the repetition filter preventing me from posting this because slashdot is afraid of beco

  • "Web pages have never been able to directly access your computer's (or phone's) file system, unless there was a plugin like Java or ActiveX involved somewhere," reports Android Police.

    Once upon a time, Google made a plugin called Gears [wikipedia.org] which provided for offline Javascript apps in your web browser, which could also access local files. They discontinued this in 2010 and added the offline app functionality to Chrome. Gears was able to access files on your filesystem; Chrome apps continue to be able to do so on ChromeOS. They announced their removal of that functionality from desktop Chrome in 2016.

  • by gweihir ( 88907 ) on Sunday November 03, 2019 @11:06AM (#59375148)

    No matter how many security precautions are built in here, this can of worms is going to do massive damage to the users. And at least the security people working on Chrome must be well aware of that. Looks like greed has again won out over common sense.

    • Looks like greed has again won out over common sense.

      You mean the common sense of running an office suite which you can't use to access files on your computer?
      I think we've established long ago that you have completely lost touch with "common" usage of computers gweihir.

  • In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code.

    That's sort of the point. It expects some human intervention outside of the app to 1) ensure that it's really a human authorizing this and 2) gets the user to stop and think about exactly what it is that they are authorizing.

    • by Jahta ( 1141213 )

      In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code.

      That's sort of the point. It expects some human intervention outside of the app to 1) ensure that it's really a human authorizing this and 2) gets the user to stop and think about exactly what it is that they are authorizing.

      You are assuming that SMS verification is secure. That is not the case [vice.com].

      Regardless, allowing arbitrary code running in the browser to reach out of the sandbox and manipulate the local file system is a terrible idea. Remember Microsoft's ActiveX [wikipedia.org]?

  • by Rockoon ( 1252108 ) on Sunday November 03, 2019 @11:36AM (#59375226)
    Automatically snarfing and submission of SMS verification codes by the Chrome browser... nothing bad can ever be done with that. Right? Right?

    That pop-under didnt just do it behind your back, right? Right?
    • Ever notice how no pop-under actually is actually used in the wild for anything that requires user interaction, like for instance these APIs?

  • "Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use."

    Oh, I feel much better now. We all know that security precautions are 100% secure in every other software to date.

  • by grasshoppa ( 657393 ) on Sunday November 03, 2019 @11:55AM (#59375270) Homepage

    As a user of their office products ( sheets, docs, ect.. ), I can see how this might be useful. Word and Excel is still king if you need to integrate with an external data source that's local to your network, a quite common business need I would imagine. This is the first step to granting these applications the kind of access they'd need to be viable replacements in the business world.

    • I can see what you're getting at, but there are many other barriers to businesses using Google office suite, such as the fact that they lack so many of the features of "real" office software.

      Then again, many businesses are short-sighted, so maybe the Google rubbish with gain traction. I can see employers forcing workers to fill out a form to show why they need Word instead of Google docs.

      The workplace of the future is going to suck.

      • It's not just Google's Office suite that would benefit from this. Forget filling out forms to get Word, Word Online already could use this feature and with sharepoint integration set as defaults also makes it the default editor within many organisations.

        Mind you I'm sure my company would like nothing more than for me to stop saving files on my local device.

      • I can see what you're getting at, but there are many other barriers to businesses using Google office suite, such as the fact that they lack so many of the features of "real" office software.

        To be fair, most offices use...what? A handful of functionality that the MS Office suite provides? Given how expensive it is, if I can get something that just covers the functionality I need at a dramatically reduced cost, why wouldn't you? Particularly if that solution still outputs files readable by other office suites?

        I'm worried about the security implications of such a feature, and am confident it will be abused, but I do see what they're after.

  • by CaptainDork ( 3678879 ) on Sunday November 03, 2019 @12:04PM (#59375296)

    ... what could possibly go wrong?

    Chrome is doing this for its own benefit. What is that benefit?

    • That is the point of nearly all of their "innovation". And it worked well.

      It is also why Mozilla adds that crap too.
      Because the web developers keep using it, even when Firefox does not support it yet.

      I'm trying to live in a post-web (and post-app) world, nowadays.
      Websites just are appity app apps, and HTML5 is an OS. So let's run it in a normal VM or runtime (based on trust).

  • it only takes one missing boundary check for hackers to be able to bypass the "only modify this file" feature. this is a disaster waiting to happen

  • Just flood the disk, growing the file until the system dies.

    Or, make the OS grow the file before writing, and then read the data on disk at that location. (Yeah, no such thing as "deleting" files. The pointer is onl overwritten. All the data is still there, in the normal case, unless specifially overwritten.)

    Better hope they add (layers of) quota, and wipe allocated storage areas before assignig them.

    Frankly, I'd prefer if computers had a separare computer (blade) for each web process; with a very very narr

  • Let's hope the OK button isn't default.

    • by Euler ( 31942 )

      Exactly this! I don't know when this became the norm that apps can steal focus, but it needs to stop, especially if I'm in the middle of typing. Why can't Microsoft understand this issue?

      • by swilver ( 617741 )

        This issue has been raised plenty of times, and they even responded with some long bullshit explanation of why this is a "hard" problem.

  • What about B user? Is B user safe?
  • Oddly enough, this might actually help with some stuff I work on. For cases where you are using a web browser to interact with your own filesystem, the ability to actually pull from files other than js/html/css would be fantastic. I've gotten rather tired of having to wrap json up in single function javascript files.....
  • I can't wait to see what gets done with this (Native File System API) functionality.

    Set: "chrome://flags/#native-file-system-api " to "Disabled".

  • Sounds like I'll need to implement Firefox-only policy with my employees now.
    Formerly it was only "don't ever use IE", but with this and ff's new popup disabling, I guess Firefox wins for now.

  • Most (all?) GNU/Linux distribution already have an installed or installable sandbox system available, e.g. AppArmor. What's needed is for these systems to be made more user-friendly so that it's a simple matter of specifying a specific directory for files that a particular program will use, say a Chrome Home. Files and directories above that level cannot be accessed, only subdirectories and files within the sandbox.
  • And this [SMS API thing] is not a [real] standard, and will likely be a Chrom*-only [de-facto] thing. And this will lead to certain web sites using it when other browsers won't work. Web developers will be too lazy or resource-depleted or arrogant to code work-arounds for this non-standard. Thus, welcome to the new IE.... another Chrom*-only website.... the march to a new monoculture, controlled by a single company, continues. Death by a thousand little cuts....

  • Okay, a non-tech-savvy user would probably pick something like a Desktop for some random web site requesting the rights for this. I can already see how on Windows this can then lead to something like Desktop\My Computer\C:\... This is one of the worst ideas in a long time, just like pretty much anything where the browser can access something outside of the browser sandbox (just like the USB web API). I hope this will be a proprietary thing and not a standard so that I can stay safe using Firefox. Again, tho

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...