![]() Catalin Cimpanu points out the facts in the above tweet and has published an article with a summary at ZDNet. The Fire Department provides fire, EMS, rescue, hazardous materials and disaster response and mitigation. ![]() The researcher has published a 19-page PDF document on the subject. WeResearcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites /A4Sur24SbG In other words, this data could under normal circumstances only have been accessed by the extension's own code (after the appropriate permissions had been obtained). This gave malicious websites direct access to the data stored in a user's browser. He was able to identify 197 extensions that exposed internal API communication interfaces for web applications. He developed a tool and tested over 78,000 Chrome, Firefox and Opera extensions. Uncovered: 200 extensions affectedĭolière Francis Somé, a researcher at the Université Côte d'Azur and INRIA, a French research institute, has taken up this topic. Even downloading malicious code via add-on would be possible. There have been several privacy scandals in the past, where the browser history was passed on to the developers of the extensions and then sold to data harvesters.īut an attacker could go further and use browser extensions to hijack sessions on email or other password-protected accounts and gain access to sensitive data in those user accounts. Malicious Web pages can also use browser extension APIs to execute code in the browser and steal sensitive information such as bookmarks, browser history, and even user cookies. ![]() Too often extensions have proven to be a root cause for trouble or a security risk. I don't have any extensions here in Chrome anymore – in Firefox, which I only use for tests, there are a few add-ons (Facebook containers and a performance test for websites). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |