all InfoSec news
Impact of extension privileges
Aug. 17, 2022, 1:01 p.m. |
Almost Secure palant.info
As we’ve seen in the previous article, a browser extension isn’t very different from a website. It’s all the same HTML pages and JavaScript code. The code executes in the browser’s regular sandbox. So what can websites possibly gain by exploiting vulnerabilities in a browser extension?
Well, access to extension privileges of course. Browser extensions usually have lots of those, typically explicitly defined in the permissions entry of the extension manifest, but some are granted implicitly. Reason enough to …
More from palant.info / Almost Secure
Implementing a “Share on Mastodon” button for a blog
6 months, 2 weeks ago |
palant.info
Chrome Sync privacy is still very bad
8 months, 1 week ago |
palant.info
Why browser extension games need access to all websites
10 months, 3 weeks ago |
palant.info
More malicious extensions in Chrome Web Store
11 months, 1 week ago |
palant.info
Jobs in InfoSec / Cybersecurity
Security Engineer
@ Celonis | Munich, Germany
Security Engineer, Cloud Threat Intelligence
@ Google | Reston, VA, USA; Kirkland, WA, USA
IT Security Analyst*
@ EDAG Group | Fulda, Hessen, DE, 36037
Scrum Master/ Agile Project Manager for Information Security (Temporary)
@ Guidehouse | Lagunilla de Heredia
Waste Incident Responder (Tanker Driver)
@ Severn Trent | Derby , England, GB
Risk Vulnerability Analyst w/Clearance - Colorado
@ Rothe | Colorado Springs, CO, United States