Jump to content
Our website is made possible by displaying online advertisements to our visitors.

Please consider supporting us by disabling your ad blocker.
Sign in to follow this  
Fourth echelon

Chrome extensions crocked with simple attack

Rate this topic

Recommended Posts

Security-enhancer HTTPS Everywhere switched off with this one weird trick

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."

Karlsson published a proof-of-concept attack that will disable HTTPS Everywhere by corrupting it.

The flaw does not reside in the extension and affects users who have not applied automatic Chrome updates.

http://www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/

 
 
 

Share this post


Link to post
Share on other sites
Guest   
Guest

Security-enhancer HTTPS Everywhere switched off with this one weird trick

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."

Karlsson published a proof-of-concept attack that will disable HTTPS Everywhere by corrupting it.

The flaw does not reside in the extension and affects users who have not applied automatic Chrome updates.

http://www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/

 
 
 

is this what you ask me about earlier? 

Share this post


Link to post
Share on other sites
 rbear    240

The item in question will disable itself actually by chrome when it ask for new directives such as "can change privacy preferences". I noticed it off and wondered why, so enabled it and was told it was disabled by chrome as it asked to change my privacy preferences. I have no idea what new changes were requested as it didn't say exactly. This along with windows updates screwing up my pc by adding themselves as admin, no telling what this stuff is doing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up to our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  1. Jump To Top
×