Writing a secure browser is one hell of a task. I admire any team who is involved in such a process because the web is messy as hell.
With that in mind, @_batsec_'s blog post delves into the murky world of trust and plugins and extensions
mdsec.co.uk/2021/01/breaking…
1
1
10
I think it's important to note that one doesn't just ban plugins or extensions, no that's just not workable. What is a better idea is understanding that bad© plugins exist and how one might detect them at scale.
1
0
0
The rest of the blog post is a lovely adventure into Google Chrome internals, QUIC (yes, a pretty cool protocol used by Google) and Inter-Process Communications (IPS) and how they could all be abused by attackers to steal y0 stuffs.
1
0
1
Good work Dylan (@_batsec_) & @MDSecLabs and can't wait to see what else pops up this year.
8:21 AM · Jan 13, 2021
0
1
5

