Do cross-app resource attacks affect non-Safari browsers?
Just read your post on the fixes to cross-app resource attacks (XARA) in OSX 10.11: https://blog.agilebits.com/2015/10/15/1password-and-the-case-of-the-xara-bandit/
In this post it sounds like the fixes only apply to Safari 9+. Are other browsers, e.g. Firefox and Chrome, still vulnerable to this type of attack?
OS Version: OS X 10.11
Comments
Hi @arlo_phoenix,
The answer is yes. Each browser needs to implement their solution. Apple provided this for Safari and so we jumped on to it. Security is important, so I have no doubt that as soon as each browser has something we can utilise, we will investigate and use it where possible. What I would say, though, is that being susceptible and your Mac being at real risk are different, so it's a judgement call. I install as little on my Mac as possible, so while it is susceptible, I do believe I don't have any dodgy processes running in the background. I'm not unhappy that my preferred browser was Safari anyway though :tongue: