Oh god...

All Chrome extensions can execute remote code in their own context:
bugs.chromium.org/p/chromium/i

Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.

Follow

Great... looks like the Chrome team is denying public access to this... and it wasn't captured beforehand in the wayback machine..

Sign in to participate in the conversation
Andreas' Mastodon

Hello World! This instance is hosted by Masto.host and verifiably my home via Keybase 🛠️ ❤️ 🏡 Terms of service

  • Privacy policy
  • Developers

    nitro.horse