Almost Secure
  • Home
  • Articles
  • Categories
  • About

add-ons

2022

  • Hijacking webcams with Screencastify May 23
  • Adobe Acrobat hollowing out same-origin policy April 19
  • Party time: Injecting code into Teleparty extension March 14
  • Skype extension: All functionality broken? Still exploitable! March 1

2021

  • Yes, fun browser extensions can have vulnerabilities too! December 20
  • Abusing Keepa Price Tracker to track users on Amazon pages October 5
  • Breaking Custom Cursor to p0wn the web September 28
  • Data exfiltration in Keepa Price Tracker August 2
  • Having fun with CSS injection in a browser extension June 28
  • Universal XSS in Ninja Cookie extension May 4
  • Print Friendly & PDF: Full compromise April 13

2020

  • A grim outlook on the future of browser add-ons August 31

2019

  • State of the art protection in Chrome Web Store September 9

2016

  • Safari extension format (.safariextz) explained August 17

2014

  • “Unloading” frame scripts in restartless extensions November 19
  • Extension security and add-on stores February 25
Impressum
Privacy Policy
Creative Commons Attribution-ShareAlike 4.0 International License Content under CC BY-SA 4.0 license
Powered by Hugo | Theme is MemE