PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Simon on July 12, 2010, 19:22

Title: Chrome extensions flaw allows password theft
Post by: Simon on July 12, 2010, 19:22

Extensions in Google Chrome are open to a password-stealing hack, according to a security researcher.

Because such third-party add-ons have access to the document object model (DOM) in the Chrome browser - a key API which manages information - it is possible to create an extension that can read form fields and gather passwords and logins, said Andreas Grech in a blog post.

Grech created a "simple" proof of concept plug-in that stripped such data from well-known web pages as the user logged in, and then emailed it back to him. The flaw works against sites including Gmail, Facebook and Twitter, the researcher claimed.

http://www.pcpro.co.uk/news/security/359362/chrome-extensions-flaw-allows-password-theft

Title: Re: Chrome extensions flaw allows password theft
Post by: sam on July 13, 2010, 14:27

eventually all things get hacked.