... and in light of the above, there are still many people who blame Apple for its approach, i.e. a closed ecosystem.
Another cluster of potentially malicious Chrome extensions https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/
Basic rules of utilizing browser extensions: 1. Always. Limit. Extension. Use. 2. Use bare minimum and only well known, reputable extensions that have been in circulation for a long time. Good gravy, how can people be so gullible to be installing these "gimmicky" extensions? The names of some of these bogus extensions alone should raise some sort of red flag: Flash Video Downloader The Great Suspender Cute Cursors Volume Booster Roblox with extras! Finally, shame on Google for not doing a better job of validating these extensions before allowing them to be uploaded to the Chrome store.
Definitely! However, there are numerous examples of add-ons which had been available for a long time suddenly going rogue particularly if taken over by someone else - and not every user is aware of those transitions. That's why I keep repeating myself: the best protection is using Firefox with "recommended" extensions as that gives you - together with what you said above - an additional layer of protection not available in any Chromium-based browser. Sure, but it's not always easy to distinguish between good and bad extensions - see the example of the PDF viewers shown on Palant's article. Yes, and the situation on Android isn't any better.
I suppose someone using a Chrome or Chrome-based browser could check the "recommended" extensions for Firefox and use the same available from the Chrome store, and that should *hopefully* assure they will likely get a safe extension. I use Librewolf mostly and rarely Chrome in Linux, with only uBlockO installed in Librewolf and uBlockO Lite in Chrome, both developed by Raymond Hill.
Exactly, I think it's troubling that browser developers have still not tackled this problem, in fact they seem to completely ignore this attack factor. They should develop some type of browser extension sandbox, because I never realized how much privileges these extensions have. For example, apparently extensions can even steal cookies, see link. And nobody is bothered by this, what the hell? Shame on Google, Mozilla, Microsoft and probably also Apple. https://www.wilderssecurity.com/thr...ew-malicious-chatgpt-chrome-extension.451572/
The story goes on: https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/ Very useful and interesting:
This is what I find so strange. Apparently, this anti-phishing extension has been developed by the official Belgium cybersecurity department, but check out how many privileges it needs. Surely this can't be right? https://chrome.google.com/webstore/detail/safeonweb-browser-extensi/amialdekbcegcahjcfecabnfcpomibdc
