Maybe having some kind of statistical usage of xhr calls that each extension will keep track permanently. That way, we could do some sort of smart algorithm that will point out some uncommon, untrustworthy requests. I am just dreaming, but I think its possible to eliminate some threat.
Cause currently, if some developer's extension's account got hijacked or stolen, the user could modify his extension and add some privacy concerning risks. To (try to) stop that, we could do what we did before, and let the developer supply the certification file (pem) everytime he updates his extension, that will eliminate that kind of threat, when the account has been compromised. PS: I am not a security person, just some ideas that came out of my head. So I might be just dreaming. Nevertheless, its an interesting topic. -Mohamed Mansour On Thu, Dec 31, 2009 at 3:44 PM, Adam Barth <aba...@chromium.org> wrote: > Yes, that's a scary scenario and a real threat. If you have ideas for > what we could do to protect against that threat, I'd be interested in > discussing them. > > Keep in mind that a nefarious extension doesn't need the auto-update > system at all to change its behavior over time. For example, the > extension can load code from it's own web site into the extension > process (e.g., via eval or innerHTML). > > Adam > > > On Sun, Dec 27, 2009 at 4:16 AM, Laurence <l.d.ander...@gmail.com> wrote: > > Hi, > > > > I've been playing about with the extension framework - really is a joy > > to use. > > > > However I have a slight concern about the threat model. It's fairly > > trivial to write an extension to log all form data (from both http and > > https sites) and send it off to a foreign host, given content script > > and Cross-Origin XHR permissions. The threat model assumes that such > > an extension will get bad reviews, so not affect many users, but does > > it factor in the autoupdate mechanism? > > > > As a nefarious developer, I could create a perfectly innocent and > > useful extension (with content script and Cross-Origin XHR > > permissions), and wait until a large number of users have installed > > it. Then I release a new version, automatically pushed out to existing > > users, that introduces form logging. Whilst it may only take a day or > > so for someone to notice and the extension killed, large numbers of > > users will have their details (usernames, passwords, credit card > > numbers) stolen. > > > > Any thoughts? > > > > Laurence > > > > -- > > > > You received this message because you are subscribed to the Google Groups > "Chromium-extensions" group. > > To post to this group, send email to > chromium-extensi...@googlegroups.com. > > To unsubscribe from this group, send email to > chromium-extensions+unsubscr...@googlegroups.com<chromium-extensions%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group at > http://groups.google.com/group/chromium-extensions?hl=en. > > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > "Chromium-extensions" group. > To post to this group, send email to chromium-extensi...@googlegroups.com. > To unsubscribe from this group, send email to > chromium-extensions+unsubscr...@googlegroups.com<chromium-extensions%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/chromium-extensions?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to chromium-extensi...@googlegroups.com. To unsubscribe from this group, send email to chromium-extensions+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
