Google and Mozilla are failing to support browser extension developers
https://armin.dev/blog/2019/08/supporting-browser-extension-developers/ [armin.dev]
2019-08-01 23:10
tags: browser, development, web
It is a regular occurrence to hear about open source developers selling their browser extensions, only for their users to be exploited later on by the new owners.
One of the reasons I’m wary of extensions. Least audited and least controlled code delivery mechanism for many systems.
source: L
Adblock Plus filter lists may execute arbitrary code in web pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/ [armin.dev]
2019-04-15 18:50
tags: browser, security, turtles, web
Under certain conditions the $rewrite filter option enables filter list maintainers to inject arbitrary code in web pages.
I’d say this is somewhat working by design, but there’s a problem that we have large unauditable auto-updating piles of magic hiding in everything we touch.
source: HN