Google Chrome Extension Steals Login Details 155
An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.
Re:How is this different (Score:3, Interesting)
Re:How is this different (Score:1, Interesting)
Some check boxes showing which permissions the plugin wants, and which permissions you will give it, would be nice, easy, and effective at preventing something titled as a "bookmark enhancer" from stealing your passwords
Re:UGH! When are you going to learn?? (Score:2, Interesting)
They ARE censoring their search results. And they are doing that everywhere, not just China. What makes you think they aren't? Because they say so? Please... stop
Re:How is this different (Score:1, Interesting)
Definitely not. Noscript only prevents scripts running on web pages.
Re:How is this different (Score:3, Interesting)
However, that's beside my point. I was just demonstrating that Chrome has plenty of warning for installing an extension, and that people should not get their panties in a bunch because *gasp* users ignoring a warning about downloading and installing software from third parties can lead to malicious code execution.
Re:How is this different (Score:1, Interesting)
Funny you should mention NoScript, since that's a plugin that's already been involved in its own scandal [hackademix.net]. Not as bad as stealing login information but still a breach of the users' trust.