
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Critical Thinking - Bug Bounty Podcast
00:00
CSS Painting API
This is actually a way that is supported by Google Chrome to call JavaScript from CSS. And so I don't think this is behind any developer flags or anything. There's just a very limited amount of stuff you can do here. So I'd be interested for someone who's a little bit more adept than me in browser exploitation to check this out and see exactly how they're doing it because there definitely is some potential here.