Reputation: 298
Can code running in the browser change that browser's configuration via about:flags
Since Chrome and other browser's configuration flags are accessible via a URL, and the configuration is done typically within a web page, I was wondering if it presented a security vulnerability.
I was thinking it might be exploitable by a specifically-formed URL, such as
chrome://flags/javascript:handleEnableExperimentalFeature(Displaylist2Dcanvas, enable)
or by a bookmarklet-style javascript that loads and manipulates the flags page? I've tried to do this but it didn't work; I'm not sure if that's because I did it wrong, or because it just isn't vulnerable to that type of attack.
Upvotes: -2
Views: 168
Answers (1)
Reputation: 3189
No you cannot do that. Just imagine if people could edit chrome flags via URL, it would be a disaster. Unless you write a chrome extension or some other client side application to change said chrome flag, you can't do that.
Upvotes: 2
Related Questions
- javascript modify script before execution
- Is it possible to change script running clientside on a webpage?
- Changing the JavaScript engine in side a web browser
- Get and Set chrome flags
- How can I change chrome://flags using chrome API?
- Trick a browser into loading <script> or <link rel="stylesheet"> URLs from local setup/server?
- Can I use JavaScript to change the JavaScript files a HTML document accesses?
- Detect javascript settings in browser
- running different JavaScript based on browser
- How to externally influence JavaScript running in a page