Excessive browser permissions

Description

Excessive browser permissions occur when a web application requests more browser permissions than its functionality requires, which can lead to unauthorized data access or user tracking.

Remediation

  1. Review the browser permissions requested by the web application and ensure they are essential for its functionality.
  2. Implement the Permissions-Policy header to limit the permissions requested from the browser.
  3. Use the principle of least privilege by requesting only the necessary permissions.
  4. Regularly audit permissions to ensure no excessive permissions are being requested over time.
  5. Notify users about the permissions required and why they are needed to promote transparency and user trust.
  6. Conduct security assessments to identify potential risks associated with excessive permissions.
  7. Stay up to date with browser updates and security best practices related to permissions.
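The following is an added example, not Escape's own check code, that supports steps 2 through 4 above: it parses a Permissions-Policy response header, reports sensitive features left at the browser default, granted to every origin, or granted beyond what the application needs, and builds the least-privilege header the application should send instead. The set of features treated as sensitive is an assumption to tune per application.

```python
"""Added example (not Escape's code): audit a Permissions-Policy header for excess permissions."""
from __future__ import annotations

# Powerful features most web apps never need; assumed list, tune it per application.
SENSITIVE_FEATURES = {"camera", "microphone", "geolocation", "payment", "usb", "display-capture"}


def parse_permissions_policy(header: str) -> dict[str, list[str]]:
    """Parse 'feature=(allowlist)' items into {feature: tokens}; tokens are '*', 'self' or
    origins with quotes stripped. 'feature=()' yields [] and means the feature is disabled."""
    policy: dict[str, list[str]] = {}
    for item in header.split(","):
        name, _, value = item.strip().partition("=")
        value = value.strip()
        if value.startswith("(") and value.endswith(")"):
            tokens = value[1:-1].split()        # inner-list form: (self "https://a.example")
        else:
            tokens = [value] if value else []   # bare-token form: geolocation=self
        if name.strip():
            policy[name.strip()] = [t.strip('"') for t in tokens]
    return policy


def audit_permissions_policy(header: str | None, needed: dict[str, set[str]]) -> list[str]:
    """One finding per sensitive feature left at the default, granted to every origin, or
    granted to origins the app does not need. `needed` maps feature -> tokens it must keep."""
    if header is None:
        return ["no Permissions-Policy header: all features keep the browser default allowlist"]
    policy = parse_permissions_policy(header)
    findings = []
    for feature in sorted(SENSITIVE_FEATURES):
        if feature not in policy:
            findings.append(f"{feature}: not listed, browser default allowlist applies")
        elif "*" in policy[feature]:
            findings.append(f"{feature}: granted to every origin (*)")
        elif extra := set(policy[feature]) - needed.get(feature, set()):
            findings.append(f"{feature}: granted beyond need to {sorted(extra)}")
    return findings


def build_permissions_policy(needed: dict[str, set[str]]) -> str:
    """Least-privilege header: every sensitive feature disabled unless listed in `needed`."""
    parts = []
    for feature in sorted(SENSITIVE_FEATURES | set(needed)):
        tokens = sorted(needed.get(feature, set()), key=lambda t: (t != "self", t))
        rendered = " ".join(t if t == "self" else f'"{t}"' for t in tokens)
        parts.append(f"{feature}=({rendered})")
    return ", ".join(parts)
```

Run `audit_permissions_policy` against the header captured from a live response and `build_permissions_policy` against the features the application actually uses; the audit should return no findings for the header it builds.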

Configuration

Identifier: configuration/excessive_browser_permissions

Examples

Ignore this check

checks:
  configuration/excessive_browser_permissions:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API6:2023
  • OWASP LLM: LLM06:2023
  • pci: 6.2
  • gdpr: Article-25
  • soc2: CC8
  • psd2: Article-96
  • iso27001: A.12.7
  • nist: SP800-53
  • fedramp: SC-18

Classification

  • CWE: 732

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVSS_SCORE: 3.0