

Security Bugs in Google Chrome Extensions (And How To Avoid Them) - skymt
http://www.adrienneporterfelt.com/blog/?p=226

======
Triumvark
It sounds like Google should be more aggressive with default CSPs.

