Impact
The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets.
Patches
This has been fixed by #5657, which is included in 3.15.0.
Workarounds
There are no known workarounds.
Impact
The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a
bloborigin from the Matrix client, so it is possible for a malicious document to access user messages and secrets.Patches
This has been fixed by #5657, which is included in 3.15.0.
Workarounds
There are no known workarounds.