Amazon One-Click Chrome Extension Snoops On SSL Traffic

An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."

HTTPS-specific extensions

[TWX]

This makes me wonder if there'll be a general code review of browser extensions like HTTPS Everywhere and HTTPS Finder and the like. I hope that they aren't compromised.