"Jeff Barnett" wrote

| It's simpler and a hell of a lot more sensible to quit using Chrome; at
| least that's what I'm guessing the majority opinion will be.
|
| From your choices and posts, I gather you get off on being tracked by
| large corporations.


Good Guy talking nonsense again.

The BBC article is a ninny-brained, superficial
description. The main problem is with the javascript
FileReader object. It's just one more example of why
it should never be considered safe to allow javascript.
But that's becoming more true. FileReader is a
relatively recent addition. (IE only supports it as
of IE10.) It allows interactive websites to read files
on the local computer. They come up with an idiotic
security risk and then they're surprised that it can
be hacked.

Can it be used against other than Win7? Browsers
other than Chrome? What they describe is a dual
vulnerability, but there's no reason to think that
anything allowing FileReader is safe. Unfortunately,
I don't know of any way to block only that functionality.
In FF you can stop all sorts of script with dom prefs,
but the only thing that looks related to FileReader
that I can find is dom.workers.websocket.enabled.
Which is yet another bonkers function that allows
a "web app" clientside to set up its own separate
connection to a web server!