Chrome, Edge and Opera - System environment variables leak [CVE-2022-0337] ($10000 USD)
We discussed this vulnerability during Episode 129 on 21 March 2022
Great bounty for a fairly simple bug, the showSaveFilePicker
would allow JavaScript to provide options including a default filename, which could include `%envrionment% vars on Windows. The JavaScript could then access the name of the saved file in the resulting promise.