All Chrome extensions can execute remote code in their own context: https://bugs.chromium.org/p/chromium/issues/detail?id=985759
Included in the bug report is a proof-of-concept web extension by gorhill, author of uBlock Origin.
Great... looks like the Chrome team is denying public access to this... and it wasn't captured beforehand in the Wayback Machine.
Gorhill's proof-of-concept extension code is still up: https://gist.github.com/gorhill/b0316e35d4e7e4a44df39e8b7fa5ac20. His tweets about it though have been deleted.
And now the Gist has been removed. But it’s available on Archive.is: https://archive.is/hi5o1