Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhereextension, if users do nothing else but visit a web page.
Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.
"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.
"In fact, I managed to disable any extension and most without any user interaction."
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.