add-ons

2021

• Abusing Keepa Price Tracker to track users on Amazon pages October 5
• Breaking Custom Cursor to p0wn the web September 28
• Data exfiltration in Keepa Price Tracker August 2
• Having fun with CSS injection in a browser extension June 28
• Universal XSS in Ninja Cookie extension May 4
• Print Friendly & PDF: Full compromise April 13

2020

• A grim outlook on the future of browser add-ons August 31

2019

• State of the art protection in Chrome Web Store September 9

2016

• Safari extension format (.safariextz) explained August 17

2014

• “Unloading” frame scripts in restartless extensions November 19
• Extension security and add-on stores February 25