The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob
origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets.
This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5657, which is included in 3.15.0.
There are no known workarounds.
CPE | Name | Operator | Version |
---|---|---|---|
matrix-react-sdk | lt | 3.15.0 |