Hacker News new | ask | show | jobs
by fiddlerwoaroof 2311 days ago
Chrome sandboxes fetch requests from extensions and tells the user what permissions the app is requesting, so it’s not actually that bad (barring bugs in the sandbox)
1 comments
jannes 2311 days ago
What do you mean with "sandboxes fetch requests"? That's not a valid countermeasure at all...

The grandparent was worried about the extension stealing his email's contents.

link
iudqnolq 2311 days ago
Absolutely. If the extension injects JavaScript into the page to examine the email it can run a fetch in the context of that page.

I think the app store should warn that a page can send data to any website if it has permission to modify any page.

link
fiddlerwoaroof 2311 days ago
It’s been a while, but I’m pretty sure the permissions dialog explicitly calls this out.
link