|
|
|
|
|
|
by nishmastime
2295 days ago
|
|
|
No, an extension that has good reason to inject a script into every webpage can, with the same permissions, exfiltrate user data under a new owner. Almost all extensions thus users are vulnerable to this. There is no higher priv the script needs to ask for. |
|
|