add-ons
2022
- Hijacking webcams with Screencastify
- Adobe Acrobat hollowing out same-origin policy
- Party time: Injecting code into Teleparty extension
- Skype extension: All functionality broken? Still exploitable!
2021
- Yes, fun browser extensions can have vulnerabilities too!
- Abusing Keepa Price Tracker to track users on Amazon pages
- Breaking Custom Cursor to p0wn the web
- Data exfiltration in Keepa Price Tracker
- Having fun with CSS injection in a browser extension
- Universal XSS in Ninja Cookie extension
- Print Friendly & PDF: Full compromise