Google Chrome extensions

They're probably dead already. Kees has posted a nice idea - using Chrome's Flash and PDF DLLs in Iron:

https://www.wilderssecurity.com/showpost.php?p=1828694&postcount=56

 

Also depends on whether it's "Yes, I believe Mr Maone inter alios, have discussed this issue at some length on his NoScript forum." Or, "Yes, I believe Mr Maone inter alios have discussed this issue at some length on his NoScript forum." In the first example, the word have makes perfect sense. In the second, has would need to replace have, in order for it to make sense....Look at me, some American dude whose American version of English is so full of unnecessary and complicated things, trying to help with British English, lol.

 

Neat:

Sexy History Viewer Lite
https://chrome.google.com/webstore/detail/dhhmlfmgnofgaiimhpmapedlkbmfopme#
(oh and dont forget to press the "Save" button a few times )

Scroll To Top Button
https://chrome.google.com/webstore/detail/chiikmhgllekggjhdfjhajkfdkcngplp#

 

Good thinking Batman ...

 

Yeah, sometimes I get my auxiliaries crossed with my moods & confused with my future historics, the only sensible recourse then is my local boozer!

 

Very usefull:
Omnibox Site Search
https://chrome.google.com/webstore/detail/cckcidchbmodjccllbmegoignhmidncg

Nice SpeedDial:
Speeddial 2
https://chrome.google.com/webstore/detail/jpfpebmajhhopeonhlcgidhclcccjcik

 

Chrome is a nice and fast browser, and there exist many excellent extensions. However, it strikes me that no one is talking about related security issues. This got my attention when I read a remark by Giorgio Maone, the Noscript developer, about the Mozilla Add-ons Review Process:

The last statement is confirmed here ...

... and here:

Now compare this with the very strict (and recently become even stricter) Mozilla Add-on Review Process described here, here and here.

Note that I'm not mentioning this in order to start a flame war. I find it just funny that this important topic is nowhere discussed (unless I missed that). Simply put: How do I know that a Chrome extension doesn't read my passwords if no review process exists?

 

I think that this is a valid point. Which is why I only tend to use the more popular extensions, primarily on the grounds that if they are used by many with no apparent problems or breaches of security, they are probably quite genuine (hopefully).

 

Yes, this makes sense although it doesn't solve the fundamental problem. And it assumes that there is always someone else playing the food taster first ...

Besides, a great number of users doesn't necessarily mean that an extension is not malicious. Hardly anybody would notice that their passwords are read - and once they do it's too late.

EDIT: Is the situation under Chrome different from the one under Android?

 

I think extension security is the last thing people think about. It seems most concentrate on only the browser itself having the vulnerabilities, and, when those are fixed, there is an assumed "all clear". As was pointed out, extensions dig themselves in deep, and that opens up quite a few more opportunities for things to go wrong. In Chromes' case, it's quite evident that too many think it's untouchable because of its sandbox. I'm not quite sure if the sandbox is going to do a lot if a part of the browser (meaning an extension) is the attacker.

No matter what browser they're run under, extensions are going to be a security risk, small or not.

 

But it makes a big difference if they undergo a strict review process or not, don't you think so?

 

Huge difference, I completely agree. I was just pointing out that extensions themselves are a security risk that you need to decide if it's worth taking.

 

One of the things that got a lot of (negative) comment in the Google Chrome help forum was the disclaimer that accompanied extensions. It was quite unambiguous. A very stern caveat emptor. The cautions on the Firefox add-ons page were relatively tepid.

Anyway, the more add-ons, the larger the attack surface. Peer review, while better than nothing, is not infallible.

 

Ermm... I do feel a little guilty about that ...

Yes, this is true. Most of my Iron/Chrome extensions are actually security ones though. However I don't know if that is just being naive.

 

Does anyone use Webutation?

 

I prefer LinkExtend.

 

Does anyone know a trick or maybe an extension P ) that can help when opened a new tab by clicking on a link with middle mouse button,to open on top?I'm used to this in FF and is annoying that misses in Chrome.
Update:The best i can find is this Open link in foreground tab

 

Yes, I used that for a bit but I thought it was a little sluggish at times. I was quite impressed though.

 

I use "Tabs to the front!" https://chrome.google.com/webstore/detail/hjaooagfdhdhmbfchnkhggjmacjlacla

 

COOOL!Thank you! Exactly what i was looking for!

 

I thought this had been abandoned? It does not appear to be updated in nearly a year and had some bugs last time I used it.

 

I just use Ultimate Chrome Flag https://chrome.google.com/webstore/detail/dbpojpfdiliekbbiplijcphappgcgjfn

 

Yeah, I like that. I've been using it for a few months now.

 

I'm giving the bitdefender trafficlight a try- working well so far. Still beta but looks promising.

http://trafficlight.bitdefender.com/

Here's a thread on it-
https://www.wilderssecurity.com/showthread.php?t=295337

 

Trying that as well, but just the extension version on Ubuntu Chromium.