top | item 17611652

(no title)

agl | 7 years ago

Webauthn and WebUSB UIs are very different. Additionally, Chrome has banned WebUSB from claiming Security Keys.

However, it remains the case that if the user downloads and runs exes, or otherwise grants the attacker direct access to the Security Key, then they can ask it to sign an authentication request for a given website. Such an attacker could also compromise the browser and wait for the user to login themselves etc.

discuss

danjoc|7 years ago

>Chrome has banned WebUSB from claiming Security Keys

Since when? Is this extension now broken?

https://chrome.google.com/webstore/detail/smart-card-connect...

agl|7 years ago

I don't know about the specific extension, but see https://groups.google.com/a/chromium.org/d/msg/blink-dev/LZX...

wolf550e|7 years ago

Since webusb broke u2f: https://pwnaccelerator.github.io/2018/webusb-yubico-disclosu...