|
|
|
|
|
|
by tyingq
545 days ago
|
|
|
There are some ways to abuse solely the ability to stop an inflight web request, and being able to see what url it was for. But, that did require a specific permission. And the permission/ability to inject arbitrary JavaScript into any page is still there. As are other abilities that can be abused. Meaning, the security argument for removing blocking onBeforeRequest was always a diversion. It is not nearly the highest risk thing in the api. |
|
|