all InfoSec news
When extension pages are web-accessible
Aug. 31, 2022, 12:36 p.m. |
Almost Secure palant.info
In the article discussing the attack surface of extension pages I said:
Websites, malicious or not, cannot usually access extension pages directly however.
And then I proceeded talking about extension pages as if this security mechanism were always in place. But that isn’t the case of course, and extensions will quite often disable it at least partially.
The impact of extension pages being exposed to the web is severe and warrants a thorough discussion in a separate article. So here …
More from palant.info / Almost Secure
Implementing a “Share on Mastodon” button for a blog
6 months, 2 weeks ago |
palant.info
Chrome Sync privacy is still very bad
8 months, 1 week ago |
palant.info
Why browser extension games need access to all websites
10 months, 3 weeks ago |
palant.info
Another cluster of potentially malicious Chrome extensions
10 months, 4 weeks ago |
palant.info
More malicious extensions in Chrome Web Store
11 months, 1 week ago |
palant.info
Jobs in InfoSec / Cybersecurity
Cyber Security Engineer I
@ Fortress Security Risk Management | Cleveland, OH, United States
Senior DevSecOps Engineer
@ Wisk Aero | Remote United States
Vulnerable Adult Investigator - Vice President
@ JPMorgan Chase & Co. | Chicago, IL, United States
Consultant Réseaux IT Digital Impulse - H/F
@ Talan | Paris, France
DevSecOps Engineer (Onsite)
@ Accenture Federal Services | Arlington, VA
Senior Security Engineer
@ Minitab | State College, Pennsylvania, United States