Threat in your browser: what dangers innocent-looking extensions hold for users

Discussion in 'malware problems & news' started by guest, Aug 16, 2022.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    To allow only what is required from both the browser and the extension.

    All I know is that many - if not all - of the rules related to the extension id (in this case cjpal...) will "break" the extension if they don't exist. Please remember my understanding of Applocker is way below yours and other experts on it. I simply created the necessary rules that were found when running logprof.

    BTW, I still run only one extension in both Linux and Windows browsers: uBlockO

    Still agree 100% with this statement. I would also add that these same recommended add-ons (extensions) from the same author could also be trusted in the Chrome store.
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Absolutely! That's because the executable (the browser) would not be allowed to access those files/folders (e.g., the add-on settings). The rules suggested by aa-logprof are often very specific (because they reflect the requested access attempts by the browser) but that doesn't necessarily mean that they always offer more protection than broader rules. I still think that those fine-grained rules do not confine the add-ons themselves, and I'm having a hard time thinking of a situation where they would be helpful. But again, perhaps I'm missing something ...

    Let's hope so! :thumb:
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    You are most likely correct. Could a malicious extension somehow attempt to manipulate the actions of a browser, and this is where the AppArmor restrictions could prevent this from happening? Anyway, I don't want to go OT, turning this into an AppArmor discussion.

    It seems the best advice offered in this thread and many technical articles is to limit extension use in number and use only the recommended and reputable ones that have been in circulation for a long time. I still feel the "gimmicky" extensions that facilitate video downloads are the least trustworthy overall. One of the links that @itman posted recently mentions this type as one used maliciously. No surprises here.
     
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    No, I don't think so because those rules limit the browser as a whole but not its add-ons. I mean I can imagine that an add-on might save something dubious within the browser profile. This could be prevented by AppArmor - but you would have to know if that file is really problematic/malicious when you decide if you allow this request in aa-logprof or not. (I must admit that I'm not even sure what add-ons are allowed to do according to their available permissions as I haven't tinkered with them thoroughly enough).
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK so they will have to inject code on the website that you're visiting and that is enough to make the browser fill in username and password? So these extensions can't simply grab the password file from disk?

    Shocking stuff, and yes it's a huge problem that trusted extensions can be sold to malicious parties.
     
  6. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    350
    Location:
    Finland
    G-Data protects this, even without its browser extension. Basically, it injects itself into Chrome (basically behaves like infostealer malware, btw). So it's like a rage against the machine. I'm using only uBlock, and running Chrome in restricted mode by McAfee Endpoint.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Can you give some more info about this, does it protect against malicious extensions? Or are you perhaps talking about its protection against banking trojans?
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands