Kindle – NPAPI Interface bug

Kindle exports few interfaces that can be used from a webpage.
This can cause serious security issue. You can read about that
in this link.

Chrome provides such interfaces but they provide it only
in the “chrome” domain. Web scripts from Internet runs in the “internet”
domain and scripts from apps runs in “chrome” domain.

Chrome provides lot of interfaces in the “chrome” domain. In chromeOS
they provide few extra interfaces too. Something like, you can establish
raw TCP connection from the browser.

Kindle team needs to secure these interfaces.

This entry was posted in Kindle, NPAPI and tagged , . Bookmark the permalink.

One Response to Kindle – NPAPI Interface bug

  1. Can you pls provide a link to those interfaces provided by chrome? Thx

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s