Chrome extensions crocked with simple attack

  • 3 August 2015
  • 0 replies
  • 123 views

Userlevel 7
Badge +52
Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhereextension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."
 
Full Article

0 replies

Be the first to reply!

Reply