If an extension lets anyone inject CSS into Google websites, how bad could this get? This isn’t XSS but still pretty bad. From displaying scams on trusted websites to exfiltrating data: lots of possibilities.

Very nice reporting experience for a change.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.