asbplayer Chrome Extension Arbitrary File Upload Vulnerability Allowing Code Execution
Vulnerability
A vulnerability allowing arbitrary file upload has been identified in the asbplayer Chrome extension, version 1.13.0. This issue arises in the subtitle loading function, where attackers can upload a crafted subtitle file that is not properly sanitized. As a result, malicious scripts embedded in the subtitle file can be executed, potentially leading to unauthorized actions within the same origin context.
Impact
Exploitation of this vulnerability allows for cross-site scripting (XSS) attacks, where injected scripts are executed in the context of the user's active session on streaming services like Netflix. This could enable attackers to steal session cookies or send unauthorized API requests to access sensitive account information.
Reproduction
To reproduce this vulnerability, upload a subtitle file (.srt) containing a malicious JavaScript payload using the asbplayer Chrome extension. The extension will parse the subtitle file and execute the embedded script, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to escape HTML tags in subtitle text before it is inserted into the DOM, or to use a trusted library like DOMPurify to sanitize malicious input.
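The escaping approach described above, as an added example that is not asbplayer's own code: a minimal SRT parser whose cue text is HTML-escaped before it is placed into markup. The function names (`parseSrt`, `escapeHtml`, `renderCue`), the `subtitle-line` class and the sample subtitle are assumptions constructed for illustration.

```javascript
// Added example: parseSrt, escapeHtml and renderCue are hypothetical names,
// not functions taken from the asbplayer code base.

// Escape the characters that let text break out of an HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Minimal SRT parser: blocks are separated by blank lines; each block is an
// index line, a "start --> end" timing line, then one or more text lines.
function parseSrt(srt) {
  const cues = [];
  for (const block of srt.replace(/\r\n?/g, '\n').split(/\n{2,}/)) {
    const lines = block.split('\n').filter((l) => l.trim() !== '');
    const timingAt = lines.findIndex((l) => l.includes('-->'));
    if (timingAt === -1 || timingAt === lines.length - 1) continue; // malformed or empty cue
    const [start, end] = lines[timingAt].split('-->').map((s) => s.trim());
    cues.push({ start, end, text: lines.slice(timingAt + 1).join('\n') });
  }
  return cues;
}

// Build the markup for one cue. Cue text is treated as data: it is escaped
// first, and only the line breaks added here become tags.
function renderCue(cue) {
  const body = escapeHtml(cue.text).split('\n').join('<br>');
  return `<span class="subtitle-line">${body}</span>`;
}

// Constructed sample input: one ordinary cue and one whose text carries markup.
const SAMPLE_SRT = [
  '1', '00:00:01,000 --> 00:00:02,500', 'Tom & Jerry say "hi"', '',
  '2', '00:00:03,000 --> 00:00:04,000', '<img src=x onerror=alert(1)>', 'second line', '',
].join('\n');

// The markup in cue 2 comes out as inert text (&lt;img ...&gt;), not as an element.
const rendered = parseSrt(SAMPLE_SRT).map(renderCue);
console.log(rendered.join('\n'));
```

When the cue is written straight into a DOM node, assigning it to `textContent` gives the same result without manual escaping. DOMPurify is the option to reach for when a small set of formatting tags in subtitles must survive.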
