Odaily Planet Daily News Slow Mist Cosine posted on the X platform: "An extension wants to do evil, such as stealing cookies from the target page, privacy in localStorage (such as account permission information, private key information), DOM tampering, request hijacking, clipboard content acquisition, etc." You can configure the relevant permissions on manifest.json. If the user doesn't pay attention to the extension's permission request, it's in trouble. But if an extension wants to do evil, it is not easy to directly engage in other extensions, such as well-known wallet extensions... Because the sandbox isolated... For example, it is impossible to directly steal the private key/mnemonic information stored in the wallet extension. If you are worried about the permission risk of an extension, it is actually very easy to judge this risk, you can not use it after installing the extension, look at the extension ID, search for the local path of the computer, find the manifest.json file in the root directory of the extension, and throw the content of the file directly to the AI for permission risk interpretation. If you have an isolation mentality, you can consider enabling Chrome Profile separately for unfamiliar extensions, at least to control the evil, and most extensions don't need to be turned on all the time. ”
View Original
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
Reward
like
2
Share
Comment
0/400
Tomievr
· 03-14 14:05
Hold on tight 💪
Reply0
ExplodedOldLeek
· 03-14 13:57
Slow Fog mentioned in a post on platform X that Chrome extensions may pose privacy risks, such as stealing Cookies, localStorage, and DOM tampering, but directly attacking well-known Wallet extensions is quite difficult due to sandbox isolation. Users are advised to check extension permissions to avoid potential risks, and they can also enable a separate Chrome profile for unfamiliar extensions to drop malicious risks.
Slow mist cosine: Users need to pay attention to the permission request of browser extensions and have an isolated thinking
Odaily Planet Daily News Slow Mist Cosine posted on the X platform: "An extension wants to do evil, such as stealing cookies from the target page, privacy in localStorage (such as account permission information, private key information), DOM tampering, request hijacking, clipboard content acquisition, etc." You can configure the relevant permissions on manifest.json. If the user doesn't pay attention to the extension's permission request, it's in trouble. But if an extension wants to do evil, it is not easy to directly engage in other extensions, such as well-known wallet extensions... Because the sandbox isolated... For example, it is impossible to directly steal the private key/mnemonic information stored in the wallet extension. If you are worried about the permission risk of an extension, it is actually very easy to judge this risk, you can not use it after installing the extension, look at the extension ID, search for the local path of the computer, find the manifest.json file in the root directory of the extension, and throw the content of the file directly to the AI for permission risk interpretation. If you have an isolation mentality, you can consider enabling Chrome Profile separately for unfamiliar extensions, at least to control the evil, and most extensions don't need to be turned on all the time. ”