Informatics evenings: Data in password managers at risk – Clickjacking is still alive and well

When

20. 10. 2025
18:00

Where

Lecture hall T9:107

Reservation

No reservation

The lecture will present new security research and the "DOM-based extension clickjacking" technique, which targets browser extensions. The technique is general and applies to various types of web browser extensions. The research itself focused on the 11 most widely used password managers and led to the discovery of several serious zero-day vulnerabilities that affected millions of users.

Was your password manager vulnerable too? How did password manager developers respond to the vulnerability? What could an attacker have gained? You will learn all this and much more in this lecture!

The event is part of the Informatics Evenings at FIT CTU series in cooperation with IEEE Young Professionals.

Marek Tóth

Marek Tóth is an ethical hacker (penetration tester). He works in IT security, focusing primarily on finding security vulnerabilities in web applications. He has been active in this area since 2018, searching for web vulnerabilities that could be exploited.

Marek Tóth has discovered a number of significant and widely publicized vulnerabilities, including ones at Seznam (article) and HeroHero (article). One of his latest achievements was the discovery of vulnerabilities in widely used password managers with a potential impact on tens of millions of users worldwide (article).

The person responsible for the content of this page: Bc. Veronika Dvořáková