by nmaggioni 2183 days ago
I had the same exact concern, and I haven't been able to find reliable confirmations on this being completely impossible either.

It's easily testable, though, that a webpage that isn't focused (because an extension's pane is open) doesn't receive input events. Likewise, Chrome [1] and Firefox [2] extensions themselves cannot bind to relevant keys, for example. All in all, I would say that going through an empty tab is unnecessary - even though I got into the habit of doing it as well - and even if this wasn't true, 2FA should be enough to thwart most malicious actors.

[1]: https://developer.chrome.com/extensions/commands

[2]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

1 comments

Well, you probably couldn't find any confirmation because nothing in the security world is completely impossible :) Webpages aren't supposed to be able to receive input events when the extension popup is open, but there could still be an unknown vulnerability in Chrome/Firefox.

So if you care enough it's best to mitigate that risk by using the standalone application for your password manager, or better yet use a completely separate device like your phone!