all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Impact of extension privileges

Add to bookmarks
Aug. 17, 2022, 1:01 p.m. |

Almost Secure palant.info

As we’ve seen in the previous article, a browser extension isn’t very different from a website. It’s all the same HTML pages and JavaScript code. The code executes in the browser’s regular sandbox. So what can websites possibly gain by exploiting vulnerabilities in a browser extension?


Well, access to extension privileges of course. Browser extensions usually have lots of those, typically explicitly defined in the permissions entry of the extension manifest, but some are granted implicitly. Reason enough to …

extension impact privileges

Visit resource

More from palant.info / Almost Secure

Numerous vulnerabilities in Xunlei Accelerator application 2 months ago | palant.info
accelerator application china chrome +10
Implementing a “Share on Mastodon” button for a blog 6 months, 2 weeks ago | palant.info
articles blog button easier +11
A year after the disastrous breach, LastPass has not improved 8 months ago | palant.info
attackers breach community data +7
Chrome Sync privacy is still very bad 8 months, 1 week ago | palant.info
article bad chrome firefox +3
Why browser extension games need access to all websites 10 months, 3 weeks ago | palant.info
access browser browser extension browser extensions +12
Another cluster of potentially malicious Chrome extensions 11 months ago | palant.info
ad blockers called chrome chrome extensions +11
Introducing PCVARK and their malicious ad blockers 11 months ago | palant.info
adblock ad blocker ad blockers blocker +8
How malicious extensions hide running arbitrary code 11 months ago | palant.info
article avast chrome chrome web store +11
More malicious extensions in Chrome Web Store 11 months, 1 week ago | palant.info
article chrome chrome web store code +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Engineer

@ Celonis | Munich, Germany
View on infosec-jobs.com

Security Engineer, Cloud Threat Intelligence

@ Google | Reston, VA, USA; Kirkland, WA, USA
View on infosec-jobs.com

IT Security Analyst*

@ EDAG Group | Fulda, Hessen, DE, 36037
View on infosec-jobs.com

Scrum Master/ Agile Project Manager for Information Security (Temporary)

@ Guidehouse | Lagunilla de Heredia
View on infosec-jobs.com

Waste Incident Responder (Tanker Driver)

@ Severn Trent | Derby , England, GB
View on infosec-jobs.com

Risk Vulnerability Analyst w/Clearance - Colorado

@ Rothe | Colorado Springs, CO, United States
View on infosec-jobs.com
View more jobs