Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.
Sign in to follow this  
Followers 0
Fourth echelon

Chrome extensions crocked with simple attack

4 posts in this topic

Security-enhancer HTTPS Everywhere switched off with this one weird trick

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."

Karlsson published a proof-of-concept attack that will disable HTTPS Everywhere by corrupting it.

The flaw does not reside in the extension and affects users who have not applied automatic Chrome updates.

http://www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/

 
 
 

Share this post


Link to post
Share on other sites

Security-enhancer HTTPS Everywhere switched off with this one weird trick

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."

Karlsson published a proof-of-concept attack that will disable HTTPS Everywhere by corrupting it.

The flaw does not reside in the extension and affects users who have not applied automatic Chrome updates.

http://www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/

 
 
 

is this what you ask me about earlier? 

Share this post


Link to post
Share on other sites

lol yes. but its all good now, chrome wasnt living up to my expectations..plus its a resource hogger. i dumped it yesterday

 
 
 

Share this post


Link to post
Share on other sites

The item in question will disable itself actually by chrome when it ask for new directives such as "can change privacy preferences". I noticed it off and wondered why, so enabled it and was told it was disabled by chrome as it asked to change my privacy preferences. I have no idea what new changes were requested as it didn't say exactly. This along with windows updates screwing up my pc by adding themselves as admin, no telling what this stuff is doing.

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   You have pasted content with formatting.   Restore formatting

×   Your link has been automatically embedded.   Display as a link instead

Sign in to follow this  
Followers 0

Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.