- Aug 17, 2014
- 11,198
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.
WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. As part of the WebUSB specification, there are certain interface classes that are protected from being accessed via web applications to prevent malicious scripts from accessing potentially sensitive data.
The list of protected interface classes are audio, HID (Human Interface Device), mass storage, smart card, video, audio/video Devices, and wireless controller.
In addition, the WebUSB specification includes a block list of specific USB devices that cannot be accessed by the API, such as YubiKeys, Google Titan keys, and Feitian security keys, which are used for multi-factor authentication.
Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.
"The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB," Google noted in a Chrome status update.
"With this feature, Isolated Web Apps with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes."
Google says it plans to ship it for testing in Chome 128, which should be released in August 2024.
Google Chrome to let Isolated Web App access sensitive USB devices
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.
www.bleepingcomputer.com
Last edited: