[tor-bugs] #5566 [- Select a component]: One magic flag to hardening Chrome CRX and prevent CSP abuse - {"manifest_version": 2}

Tor Bug Tracker & Wiki Tue, 03 Apr 2012 22:33:44 -0700

#5566: One magic flag to hardening Chrome CRX and prevent CSP abuse -
{"manifest_version": 2}
----------------------------------+-----------------------------------------
 Reporter:  jaedo                 |          Owner:     
     Type:  enhancement           |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  - Select a component  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Since Google Chrome 18 stable released, it's preferably to use
 "manifest_version": 2 in manifest.json because Content Security Policy by
 default is too weakly.


 At least it possible to detect chrome extension by requesting crx
 resources via internal protocol.

 That's the demo http://www.browserleaks.com/chrome it can detect that I
 have HTTPS Everywhere installed.

 And more about CSP in point of chrome extensions found here
 http://code.google.com/chrome/extensions/trunk/contentSecurityPolicy.html

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5566>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #5566 [- Select a component]: One magic flag to hardening Chrome CRX and prevent CSP abuse - {"manifest_version": 2}

Reply via email to