Websites can steal browser data via extensions APIs January 19, 2019 https://www.zdnet.com/article/websites-can-steal-browser-data-via-extensions-apis/ "EmPoWeb: Empowering Web Applications with Browser Extensions" (PDF): http://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf https://arxiv.org/pdf/1901.03397.pdf
This is absolutely crazy. The people responsible for the extension architecture should be ashamed. This is another thing that browser makers like Google and Mozilla should now be focused on, this stuff must be fixed.
OK, kinda freaky. So I looked at the paper. Bottom line, this is mostly Chrome and Opera stuff. And there are too many to list, so hey. Also, the dangerous Firefox extensions are not the sort we typically talk about here. They are: Code: TABLE IX: Chrome, Firefox and Opera extensions which give web applications access to privileged APIs ... Firefox Browser Extension unique Web applications Target web Permissions identifier or name to send messages applications (accessible from to access privileged API) guretv-ver-tv * * eval,host,storage buxenger * * eval,host bitbucket-server * * host logincataddon logincat.com, * host facebook-photo-zoom-easy www.facebook.com * host facebook-photo-zoom www.facebook.com * host markanabak-eklentisi *.markanabak.com, *.wipo.int, host skimdaddy * skimdaddy.com host the-trees-network *.treesnetwork.com, docs.google.com, host assina-me * - downloads liber-capital * - downloads video-downloader-1 * - downloads openvost animevost.org - downloads youtube-video-download-convert *.youtube.com - downloads openvideo droppages.com - storage vgis *.vonage.com - storage Based on their names, the ones that give access storage are likely Chrome or Opera extensions. But TFA doesn't make that clear. Code: TABLE VII: Extensions which give access to their storage to any application eljhpoopiapggnlfcilpbihgbgbpnkgd ... pjojmkmdealampgchopkfbejihpimjia Code: TABLE VIII: Extensions which give access to their storage to specific applications lpkhcobfjeidpkllbeagkkmmjgbmpfch mail.google.com eggdmhdpffgikgakkfojgiledkekfdce mail.google.com jmllflbhbembffempimjdbgnaodpoihh mail.google.com jmlnhlclbpfcbkaoaegfigepaffoankc *.google.com, gaoiiiehelhpkmpkolndijhiogfholcc netflix.com ghldlmcbffbcnoofadgcapodmpiimflj netflix.com jpgadigdffhcjldfkanacncocacekkie netflix.com/watch/ peiajekggpiihnhphljoikpjeaahkdcn beam.pro bnfboihohdckgijdkplinpflifbbfmhm plug.dj aclhfmpoahihmhhacaekgcbjaeojnifa wordix.io, hcdfoeppbchkbbpplllggbjkkfokifej *.vk.com/feed/ hddnlanhlmifafibmlabomkkkobcmchj thankscoin.org lhjajgnfmiliphkioedlmbfcdkhdhnkc *.service-now.com bmdlalnebjigindhobniianfmhakfelf robertsspaceindustries.com, dadggmdmhmfkpglkfpkjdmlendbkehoh openvideo.droppages.com pbpfgdgddpnbjcbpofmdanfbbigocklj tweetdeck-enhancer ilpkhojfiejdbkgcjbmllngjebdoehim *.phylotree.org cfnjeahambijfdljfacldifapdcklhnj isogg.org cjkbjhfhpbmnphgbppkbcidpmmbhaifa *.player.me ddiaadobgihkgefcaajmkjgmnjakiamn auth.digitalkeyway.com dienbdhbgkpddlgaceopelifcjpmkeha *.gestionderesidencias.es dnpdkejhfeeipmklhlkdjaoakbkjkkjn datalane.io gmjdaaahidcimfaipifeoekglllgdllb chat.stackexchange.com kfodnoaejimmmphonklghkimhnhhgbce overlayBI.com Edit: OK, I had to look. I mean, "assina-me"? https://www.crunchbase.com/organization/signs-me-assina-me-