Beef up privacy and security section with regards to the various risks related to the different surfaces

Question

Beef up privacy and security section with regards to the various risks related to the different surfaces

Opened this issue 3 years ago · 2 comments

This is especially important since new APIs allow web pages to influence user selection.

Answer 1 · 2022-06-02T14:02:05.000Z

@youennf, could you please clarify what is missing?

Answer 2 · 2022-09-01T11:37:39.000Z

We are adding things like preselecting getDisplayMedia browser tab pane or disabling focus to the captured area.
As I said in the past, it would be good to assess and mention the risks of such new features.
For instance, these two features might typically ease attacks where the capturer is capturing a tab that is not visible to the user and that it can navigate to arbitrary origins without the user knowing it.

It seems we could beef up browser tab risks:

Mention risks specific to tabs. For instance self tab capture is less risky than other same-origin tab capture.
Mention that if a captured tab is navigating to a new origin (or maybe is loading third-party content), it might be good to present this information to the user, maybe temporarily disable capture until user decides what to do with it.

IIRC correctly, Chrome is for instance pausing getDisplayMedia capture if the capturing tab is navigating to another domain.
Chrome might have more protections like this and it would be good if the Chrome team could document these protections.