Is JSON vulnerability still possible?

I have a bunch of REST APIs which would be consumed by frontend applications created by customers using our product. I have suggested to only use last 2 versions of Chrome for running frontend apps. They would be using Angular.

I was going through Angular’s security guide which says,

Cross-site script inclusion, also known as JSON vulnerability, can
allow an attacker’s website to read data from a JSON API. The attack
works on older browsers by overriding built-in JavaScript object
constructors, and then including an API URL using a tag.

This attack is only successful if the returned JSON is executable as
JavaScript. Servers can prevent an attack by prefixing all JSON
responses to make them non-executable, by convention, using the
well-known string “)]}’,\n”.

I checked the related questions on SO/SE. Going by the accepted answers, it seems that this used be a vulnerability a long time ago when browsers allowed overriding Array constructor.
Is it still possible to have JSON vulnerability attack given latest version of Chrome will be used?

Related SE/SO questions:

  1. Why JSON Hijacking attack doesn’t work in modern browsers? How was it fixed?
  2. How is it possible to poison JavaScript Array constructor and how does ECMAScript 5 prevent that?
  3. How does including a magic prefix to a JSON response work to prevent XSSI attacks?
  4. https://stackoverflow.com/questions/55206306/is-facebook-suddenly-safe-against-json-hijacking/55206724#55206724
  5. https://stackoverflow.com/questions/3146798/why-do-people-put-code-like-throw-1-dont-be-evil-and-for-in-front-of#3147804

Continue reading Is JSON vulnerability still possible?

How to turn this particular HTML rendering into a XSS or open redirection

I am performing penetration testing on a web application. Let’s say the site as "https://example.com"
There is a comment field , where a user can add data and it will be shown in the same page.
So I was trying multiple payloads a… Continue reading How to turn this particular HTML rendering into a XSS or open redirection