Rocket.Chat: Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE

Summary: The Rocket.Chat Desktop app passes the links users click on to Electron's shell.openExternal function which can lead to remote code execution. Description: The filtering on the URLs passed to shell.openExternal is insufficient. An attacker can craft and send a link that when clicked will...

Browser security beyond sandboxing

Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web...