all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Attack surface of extension pages

Add to bookmarks
Aug. 24, 2022, 9:56 a.m. |

Almost Secure palant.info

In the previous article we discussed extension privileges. And as we know from another article, extension pages are the extension context with full access to these privileges. So if someone were to attack a browser extension, attempting Remote Code Execution (RCE) in an extension page would be the obvious thing to do.


In this article we’ll make some changes to the example extension to make such an attack against it feasible. But don’t be mistaken: rendering our extension …

attack attack surface extension

Visit resource

More from palant.info / Almost Secure

Numerous vulnerabilities in Xunlei Accelerator application 2 months ago | palant.info
accelerator application china chrome +10
Implementing a “Share on Mastodon” button for a blog 6 months, 2 weeks ago | palant.info
articles blog button easier +11
A year after the disastrous breach, LastPass has not improved 8 months ago | palant.info
attackers breach community data +7
Chrome Sync privacy is still very bad 8 months, 1 week ago | palant.info
article bad chrome firefox +3
Why browser extension games need access to all websites 10 months, 3 weeks ago | palant.info
access browser browser extension browser extensions +12
Another cluster of potentially malicious Chrome extensions 11 months ago | palant.info
ad blockers called chrome chrome extensions +11
Introducing PCVARK and their malicious ad blockers 11 months ago | palant.info
adblock ad blocker ad blockers blocker +8
How malicious extensions hide running arbitrary code 11 months ago | palant.info
article avast chrome chrome web store +11
More malicious extensions in Chrome Web Store 11 months, 1 week ago | palant.info
article chrome chrome web store code +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Junior Cybersecurity Analyst - 3346195

@ TCG | 725 17th St NW, Washington, DC, USA
View on infosec-jobs.com

Cyber Intelligence, Senior Advisor

@ Peraton | Chantilly, VA, United States
View on infosec-jobs.com

Consultant Cybersécurité H/F - Innovative Tech

@ Devoteam | Marseille, France
View on infosec-jobs.com

Manager, Internal Audit (GIA Cyber)

@ Standard Bank Group | Johannesburg, South Africa
View on infosec-jobs.com

Staff DevSecOps Engineer

@ Raft | San Antonio, TX (Local Remote)
View on infosec-jobs.com

Domain Leader Cybersecurity

@ Alstom | Bengaluru, KA, IN
View on infosec-jobs.com
View more jobs