
Building A Browser Extension? Careful Not To Accidentally XSS the Whole Internet - pyotrgalois
https://www.tinfoilsecurity.com/blog/building-a-browser-extension-be-careful-not-t-17787
======
xyzzy123
This is a genuine concern. The other risk is that you get XSS into a Chrome /
privileged JavaScript context, which is probably the simplest way to get
reliable arbitrary code execution in e.g. Firefox.

See e.g.:
[http://www.defcon.org/images/defcon-17/dc-17-presentations/d...](http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-roberto_liverani-nick_freeman-abusing_firefox.pdf) [PDF warning]

