
The web page you are visiting contains personal information, and that is where the mischief can be made. All that is required is for the website to incorrectly trust an image, either by not sanitizing a user-uploaded image or by embedding a third-party image. Both trust bugs are rampant on the web, and both have caused problems in the past. Adding an improperly vetted image decoder is a sure-fire way to get exploit authors salivating.


> The web page you are visiting contains personal information, and that is where the mischief can be made.

This is a weird threat model. You trust some website with your personal information but you don't trust that images they embed are trusted and will not attack you. Nothing will save you here except switching off showing pictures, which you can also do on Qubes.

I would say, if they really embed malicious images, then they probably have other problems with security, which nothing you run can help with.


> Nothing will save you here except switching off showing pictures

Or having a trustable image decoder, which is what web browsers actually do. This is a basic requirement that you are proposing to do away with by instead not showing images at all.


> trustable image decoder

This may never exist, since all software has bugs. Instead, you can isolate opening your pictures into a different VM, keeping this VM safe.

> what web browsers actually do

Haven't we seen related vulnerabilities?


> This may never exist

It's existed for years. https://chromium.googlesource.com/chromium/src/+/HEAD/third_...

Similarly, the JPEG XL decoder Chromium integrated is written in Rust, eliminating large classes of exploitable errors.

> Haven't we seen related vulnerabilities?

Repeatedly. That's why browser vendors are careful about adding new image decoders, and no, Qubes does not solve the problem.



