
Democratizing Chrome Extension Security - wglb
https://duo.com/blog/crxcavator
======
DesiLurker
Perhaps unrelated to the topic but my standard PSA is "Browser Extensions see
ALL your webpages in cleartext. as a general rule dont install extensions
unless you absolutely have to and only those that you really trust".

~~~
Alex3917
You can now whitelist extensions to only run on specific domains. There are a
lot more changes coming in v3 of the extension API, you can see the (strong)
reaction to the changes in the chrome extension forums.

~~~
tyingq
The notable strong reactions are about a different part of the proposed
changes. The removal of the cancel feature in onBeforeRequest().

