Sergei Glazunov
Sergei Glazunov is a software engineer at Google's Project Zero team, which aims to reduce harm caused by targeted attacks on the Internet. His current focus is on web browser security.
Research Areas
Authored Publications
Sort By
Preview abstract
UXSS (Universal Cross-Site Scripting) is an attack that exploits client-side vulnerabilities in the browser or browser extensions in order to execute malicious code (usually JavaScript) with an access to arbitrary resources (origins). To put it simply:
A victim visits a malicious (or hacked / infected) website and an attacker becomes able to read victim’s GMail contents, private messages on Facebook, and so on, as well as to perform other actions on behalf of the victim: send emails, upload photos, etc.
The goal of this research is to analyze vulnerabilities in Chromium leading to UXSS attacks that were reported over the 3 years (2014 - 2016), to evaluate potential mitigations that can be implemented in Chromium browser, and to explore the possibilities of new techniques to be used for prevention or detection of vulnerabilities leading to UXSS.
View details