Chrome extensions flaw allows password theft

Started by Simon, Jul 12, 2010, 19:23:09

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Simon

Jul 12, 2010, 19:23:09
Extensions in Google Chrome are open to a password-stealing hack, according to a security researcher.

Because such third-party add-ons have access to the document object model (DOM) in the Chrome browser - a key API which manages information - it is possible to create an extension that can read form fields and gather passwords and logins, said Andreas Grech in a blog post.

Grech created a "simple" proof of concept plug-in that stripped such data from well-known web pages as the user logged in, and then emailed it back to him. The flaw works against sites including Gmail, Facebook and Twitter, the researcher claimed.

http://www.pcpro.co.uk/news/security/359362/chrome-extensions-flaw-allows-password-theft
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.
Print
Go Up Pages1
User actions