all InfoSec news
Attack surface of extension pages
Aug. 24, 2022, 9:56 a.m. |
Almost Secure palant.info
In the previous article we discussed extension privileges. And as we know from another article, extension pages are the extension context with full access to these privileges. So if someone were to attack a browser extension, attempting Remote Code Execution (RCE) in an extension page would be the obvious thing to do.
In this article we’ll make some changes to the example extension to make such an attack against it feasible. But don’t be mistaken: rendering our extension …
More from palant.info / Almost Secure
Implementing a “Share on Mastodon” button for a blog
6 months, 2 weeks ago |
palant.info
Chrome Sync privacy is still very bad
8 months, 1 week ago |
palant.info
Why browser extension games need access to all websites
10 months, 3 weeks ago |
palant.info
More malicious extensions in Chrome Web Store
11 months, 1 week ago |
palant.info
Jobs in InfoSec / Cybersecurity
Junior Cybersecurity Analyst - 3346195
@ TCG | 725 17th St NW, Washington, DC, USA
Cyber Intelligence, Senior Advisor
@ Peraton | Chantilly, VA, United States
Consultant Cybersécurité H/F - Innovative Tech
@ Devoteam | Marseille, France
Manager, Internal Audit (GIA Cyber)
@ Standard Bank Group | Johannesburg, South Africa
Staff DevSecOps Engineer
@ Raft | San Antonio, TX (Local Remote)
Domain Leader Cybersecurity
@ Alstom | Bengaluru, KA, IN