Hacker News new | ask | show | jobs
by mitchas 3060 days ago
What is it about third-party extensions you don't like?

I know many extensions have full access to any site you visit, but I specified LinkedIn for mine, so when you install it, you are warned that it can access all your data on LinkedIn, but no other sites.
2 comments
ertand 3060 days ago
Yup, as solotronics said.

On Chrome extensions, minor bugs (or minor bugs in the libraries you depend on) might end up having far worse consequences. Read/write access to only linkedin.com can still leak a decent amount of unwanted information in case there's an exploit.

link
mitchas 3060 days ago
Hmm. I'll have to read into that more.

I don't use any external libraries, I wrote all of the code in the extension, and the only external requests made outside of the extension are to Google Fonts, so I wonder if it'd be possible to infect this extension.

link
solotronics 3060 days ago
nothing about yours in particular but recently there have been attacks via 3rd party extensions in general

https://www.wired.com/story/chrome-extension-malware/

edit: tried your extension out and I really liked it! thanks for sharing

link