[mariallery]

> c) disable any plugins really.

embarrasing to admit, but I've always wanted to believe one could at least trust plugins like Adblock Plus or Ghostery to protect ones mind and privacy a little.. now, reading Hacker News almost every day, I'm getting paranoid. is it a vulnerability to even use them?

[dfxm12]

The more people you trust, the more susceptible you are to having that trust broken.

Let's say you trust Chrome, you can't trust AdBlock just because you trust Chrome. The install on the Chrome store could get compromised, somehow.

In this specific case though, you also have to weigh the risk of an attack being delivered from an ad. What's more likely? One of the thousands of ads you view a day launches an attack, or installing a Chrome extension does? Which would be more damaging?

Security is not an exact science. It's all about weighing options and making informed decisions.

[zokier]

First of all, in Firefox (and I believe in Chrome too) there is a distinction between "addons" (such as adblock plus) and "plugins" (such as flash). The main difference being that plugins are DLLs containing native code, and thus have all the privileges the browser has. In comparison, addons are mostly JavaScript, and run inside the browser with somewhat limited access to the rest of the system.

[anonymfus]

In Firefox extensions have the same access to the rest of the system as Firefox itself including full file system access.

Addons is more generic term, it includes extensions, plugins and themes.

[mariallery]

Thank you for pointing it out and for a well-written explanation. Took a quick look and Chromium seems to call them all 'extensions'.

[aidos]

In Chrome they're different - chrome://plugins/ vs chrome://extensions/