
MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys - diggan
https://www.zdnet.com/article/mega-nz-chrome-extension-caught-stealing-passwords-cryptocurrency-private-keys/
======
octosphere
The onus is also on the users of these extensions to inspect the code. Chrome
extensions are not compiled - they are simply zip archives and all the code is
readily inspectable. My only gripe is that the extensions are mostly marketed
towards people who don't know how to code and so they run these extensions
never knowing what's happening under the hood. I trust about five extensions
currently, one of them being uBlock origin which has a lot of eyeballs on it.
However I do worry that hackers will try to get nefarious code into popular
extensions, because the more people that use the extension - the more they can
exfiltrate (browsing history, passwords, etc).

