Hi 🙂

Phishing and malware people download and execute are probably the most common issues, but there are ways to directly do harm, as there’s no browser that is 100% safe. Such things are usually fixed quickly, but still they do happen.

Computers are pretty dumb and just execute code. Stuff that’s in memory.

If you find a way to manipulate stuff outside of what a website’s script or plug-in can do, you may introduce code that should not be executed.

 

Let’s take the Macromedia / Adobe Flash plug-in for example. A great way to make animations and games before websites were as dynamic as they are today.

Flash could play video, read inputs, access your webcam, microphone… At one point store and read files to remember stuff or even have you make custom avatars for example. A versatile tool.

But such extensive functionality makes everything very complex. People find bugs or exploits.

Continious bugs and security issues made it pretty infamous.

 

Let’s say you find a bug that causes the plug-in to crash and the safe environment as well. It could result in behavior that lets you bypass security measurements.

 

Or another thing is to fill memory until something weird happens.

Let’s say you can store 1 word of data for your game.

But someone forgot to check if you actually only store one word.

So you write 10 words. The too long data might get written into a part of the computer’s memory where its shouldn’t be in, and gets executed.

With this method you could easily can do damage to a system.

 

Sometimes it’s not even the browser’s or plug-in developer’s fault.

If the plug-in has access to something it is allowed to have, but there’s a bug in the operating system, it can just exploit that.

E.g. you could reliably crash a Windows computer by accessing C:concon – And even in Windows 10, you can’t create those folders. Under old windows versions you could just embed an image or try in another way to access that path, and you’d crash any windows computer. Fun times! 🙂