Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Rogue websites can turn vulnerable browser extensions into back doors

Chrome-extensions-nakedsecurity

When was the last time you checked the permissions asked for by a browser add-on?

It’s a blind spot: we might know that app permissions can be risky but when it comes to extensions for browsers such as Chrome and Firefox there is a tendency to worry about it only when someone discovers a malicious extension doing something it shouldn’t.

But it’s not only malicious extensions that can be a problem, as highlighted by a newly published study by Université Côte d’Azur researcher, Dolière Francis Somé, which analyses deeper-level APIs.

Extensions can do things that websites can’t. Websites are protected and restricted by Same Origin Policy (SOP) policy – the layer that restricts websites on different domains from sharing data.

Somé was interested in whether a rogue extension could bypass these basic SOP protections by exploiting privileged browser extensions, maliciously gaining access to user data, browsing history, user credentials, or to download files in storage.

Sure enough,...(continued)

View All Trending Stories