...a security look at msedgewebview2 + CDP
Watch this talk on YouTube!
hello! Millions of desktop applications (eg: zoom, steam, & vscode) ship a full Chromium browser with a debug-socket backdoor baked in. I examine how CDP — the protocol that powers devtools — creates some minor weaknesses in Electron- and MsEdgeWebView2-based software. Live demo included!
- electron-test.exe
- example-cdp-commands.txt
- start-debuggable-chrome.cmd
- msedgewebview2-win32-cpp-demo/
