How Web Apps Can Turn Browser Extensions Into Backdoors

From threatpost.com

Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.

Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by an adversary that can steal sensitive browser data and plant arbitrary files on targeted systems.

“We identified a good number of extensions that can be exploited by web applications to benefit from their privileged capabilities,” wrote Université Côte d’Azur researcher Dolière Francis Somé, in an academic paper titled Empowering Web Applications with Browser Extensions (PDF).

Read more…