I’ve started publishing my “extension security basics” article series. First article takes apart a very simple extension. Two more are already written, quite a few more are planned.
Not sure whether this comes as a surprise to anyone but one of the conclusions is: more popular extensions tend to use more powerful privileges. So all that sandboxing does comparably little when popular extensions are compromised.
What does it take to make an extension page vulnerable Remote Code Execution, giving away access to all extension privileges? Quite a lot actually. This article looks into what a vulnerable extension looks like and how it could be attacked.
Next article, continuing to look at potential attacks on extension pages. This time looking at web-accessible pages, this allows for lots of potential mischief. So the article covers lots of ground. Hopefully still comprehensible this way.
A Mastodon instance for info/cyber security-minded people.