Tag: Javascript

• [$1250 - High Severity] Bypassing Brower Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
  Bypassing the spoof geolocation feature in browser extensions to disclose the physical location of a user. I share two high severity bugs. Bug 1 is a generic payload that works across multiple extensions, and bug 2 is an ExpressVPN specific payload that has been patched. This post is a case study with the Location Guard & ExpressVPN extensions, my bug bounty experience, and a few takeaways that may prove insightful for others.

---

All Tags

POC Hacking JavaScript reverse-engineering SharePoint PowerApps Debugging Cloud BugBounty Browser TypeScript Tutorial Privilege-Escalation Power-Automate OneDrive Microsoft M365 Joplin Game-Hacking Electronjs Chromium Browser-Extension x64dbg x32dbg pykd mona.py mobile linux il2cpp adb XXS Wordpress WinDbg-Preview WinDbg Web-Appplication Web VSCode VPS Unity Tooling Static-Analysis Race-Condition Python PowerShell Power-Platform Phishing Pentesting Paypal Payment-Gateway Outlook Oracle Optimization Open-Source Microsoft-Teams Microsoft-Edge Javascript Java Image-Manipulation IDE HackerOne GraphQL Google-Maps Frida Extension ExpressVPN Exploits Email Electron.js Dynamic-Testing Docker Development Credential-Dumping CodeQL Code-Review CTF BurpSuite BugCrowd Blender Android .apk