The researchers explain that the problem affects numerous websites related to Google and Cloudflare, being able to obtain credentials in plain text through the extension.

This extension takes advantage of the lack of security between the components of the extension and the web page that is running. Additionally, The extension is able to bypass the password obfuscation that appears when typing in that field.

The extension, published by the researchers in the Chrome Web Store to demonstrate what happened, does not contain any malicious code, but takes advantage of the browser's own infrastructure.

Fountain: Bleeping Computer


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »