Slashdot Mirror


Google Chrome Extension Steals Login Details

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

2 of 155 comments

  1. Re:How is this different by n0-0p · Score: 4, Informative

    NoScript does nothing whatsoever to restrict extensions or plugins. Nor would it even be possible for it to do so without a major redesign of Firefox's extension system, including the introduction of a security model with trust levels.

  2. Re:How is this different by n0-0p · Score: 4, Informative

    Chrome already lists the permissions an extension requests at installation. The UI on that interaction is junk, so you need to be a fairly knowledgeable user to make heads or tails of it, but the information is definitely there.