afavour 9 hours ago

Looks to be a great proof of concept. No, running a standalone executable alongside the browser is not the way you'd want to do WebUSB. But it's great to see someone working on it.

Orygin 7 hours ago | parent [-]

Running directly in the browser is also not how I'd want to do USB.

afavour 7 hours ago | parent | next [-]

When the alternative is downloading arbitrary executables I find the browser sandbox to be a reassurance.

Orygin 5 hours ago | parent | next [-]

Except the sandbox is a huge target already, and breaking it means any website can now access and mess with your USB devices. If you can develop an exploit for Chrome's WebUSB system, you potentially have millions upon millions of targets available.

Downloading an arbitrary executable can be made safe (via multiple avenues: trust, antivirus software, audits, artifact signing, reproducible builds, etc.) and once the software is vetted, it exposes (or it should at least) little to no attack vector during daily use.

bastawhiz 4 hours ago | parent [-]

> trust, antivirus software, audits, artifact signing, reproducible builds, etc.

My mom has six weather apps on her phone.

michaelt 3 hours ago | parent | prev [-]

Buddy, if your "sandbox" lets code inside it replace your keyboard's firmware, you don't have a sandbox.

sagarm 2 hours ago | parent [-]

Programming your keyboard is actually a common case! See usevia.app

michaelt an hour ago | parent [-]

It is indeed common!

But a keyboard flashed with malicious firmware becomes an undetectable keylogger, a USB rubber ducky, and a virus-laden USB stick all in one.

The concept that someone would want to reflash their keyboard firmware, but wants a sandbox because they don't trust the firmware programmer, makes no sense.

bastawhiz 4 hours ago | parent | prev [-]

Then don't install the extension