Y
Hacker News
new
|
ask
|
show
|
jobs
by
johncolanduoni
184 days ago
Even if the extension isn’t malicious, it creates a new attack vector that can affect users. If whatever URL the script is remotely loaded from is compromised, now all users of that extension are vulnerable.