Collaborate Disseminate
I’m considering installing a Firefox add-on (browser extension) which requests the permission Access your data for all websites. This add-on is not on the list of Mozilla’s "actively monitored" add-ons.
Since it’s reasonable for … Continue reading Firefox add-ons: Which permission(s) govern the ability to make additional network requests?
I lately noticed that my web browser (latest Firefox) is acting strange: form field content is getting deleted, text randomly marked and the system suddenly crashes as if the device is remotely controlled and overloaded.
Checking my system… Continue reading How to mitigate against malicious browser extensions that rely on rtkit-daemon and dbus for remote control?
Due to the Covid crisis everyone in my company works remotely from home.
Most company systems are accessed via the browser and the following browser extension is used for user authentication:
https://docs.centrify.com/Content/Applications/… Continue reading How to protect against malicious code execution of unethical browser extensions? [closed]
Usually, for all types of authentications, we trust the registration process and assume there is no attack is happening Like in the case of FIDO2 registration. However, as the registration process is built within the browser and can be com… Continue reading Does moving webAuthn API from browser to OS improves security of registration process?
A lot of security and privacy-preserving protocol/infra codes are implemented in the browsers. These security protocols can simply be compromised by extensions.
Why we do not move the security protocols to OS and let the browser communica… Continue reading Browser vs OS security [closed]
I’m writing a chrome extension that evaluates certain code blocks from GitHub pages, e.g.,
Lorem ipsum
“`html-embed
<iframe></iframe>
“`
dolor site amet.
and adds their content as HTML to the page. Is this potentially danger… Continue reading Is there malicous HTML?
I see the extension Google Dictionary from Chrome Web Store as not actually by Google. I have found the following information:
1: The title contains "Google" twice making people think it’s actually by google.
2: Extensions actual… Continue reading Is the extension "Google Dictionary" actually by google? (Or at least safe to install)
I’m interested in getting a coupon code for an online purchase and to this end Honey is nice, but when it comes to protecting my data Honey is really invasive. Can I curb Honey’s hunger for my whole browser interaction by only using it wit… Continue reading Can I curb Honey’s grab for my data by only using it within a separate profile?
I checked my youtube watch history and it showed videos that I never watched. Looking at the types of videos in the history, I am 100% sure someone else is using it (maybe for monetary purposes), but don’t know how they are getting access…. Continue reading Monitoing Malicious Chrome Extension [closed]
Browser wallet extensions that let you interact with dapps are required to access different crypto-related services. These (to mention a few: MetaMask, Fortmatic, Tron wallet, etc) often require access to everything I do in the browser, in… Continue reading How to securely use crypto wallet extensions?