SponsorBlock Critical Security Vulnerabilities

SponsorBlock had 7 critical vulnerabilities. Private data of 82k users was accessible.

Full details: https://paste.rs/jVLQb.txt

Data not leaked. Waiting for developer response.

2 points | by IDIRIS 2 hours ago

1 comment

  • mtmail 1 hour ago
    Booo for not waiting for the developer's response. It hasn't even been 24 hours. It's not even July/4th in Europe yet.

    > We have no malicious intentions. Our only goal was to identify these security issues and inform the developer so they can be fixed.

    > conducted this research in good faith.

    Posting it online the same day, then posting on HN to promote it isn't good faith.

    > - Any user’s private profile could be retrieved, including:
    >   • Chosen Username
    >   • Total Segment Count
    >   • Minutes Saved for the community
    >   • View Count (how many times their segments helped others)
    >   • Reputation Score
    >   • VIP Status
    >   • Privacy Preferences

    Anonymous user names and some counts.