Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome Extension Steals Login Details

Posted by kdawson on from the hey-it-was-sitting-there-in-the-dom dept.

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

6 of 155 comments (clear)

  1. Re:How is this different by binkzz · · Score: 2, Interesting

    You are correct, and this "news" article is hardly shocking or news. But I do agree that plugins have too many permissions.for all sites that you browse, and that security could be a lot tighter.

    --
    'For we walk by faith, not by sight.' II Corinthians 5:7
  2. Re:How is this different by Anonymous Coward · · Score: 1, Interesting

    Some check boxes showing which permissions the plugin wants, and which permissions you will give it, would be nice, easy, and effective at preventing something titled as a "bookmark enhancer" from stealing your passwords

  3. Re:UGH! When are you going to learn?? by countertrolling · · Score: 2, Interesting

    They ARE censoring their search results. And they are doing that everywhere, not just China. What makes you think they aren't? Because they say so? Please... stop

    --
    For justice, we must go to Don Corleone
  4. Re:How is this different by Anonymous Coward · · Score: 1, Interesting

    Definitely not. Noscript only prevents scripts running on web pages.

  5. Re:How is this different by yoyhed · · Score: 2, Interesting

    I agree with your sentiments. However, note that in IE it does NOT warn you at all - that's not good. There should be one warning.

    However, that's beside my point. I was just demonstrating that Chrome has plenty of warning for installing an extension, and that people should not get their panties in a bunch because *gasp* users ignoring a warning about downloading and installing software from third parties can lead to malicious code execution.

    --
    WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
  6. Re:How is this different by Anonymous Coward · · Score: 1, Interesting

    Funny you should mention NoScript, since that's a plugin that's already been involved in its own scandal. Not as bad as stealing login information but still a breach of the users' trust.