Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP

5gDedicated
Yanac

Seemingly harmless Chrome extensions aimed at improving browser privacy and analytics could be inadvertently leaking API keys, secrets, and other sensitive machine information.  

According to a Symantec research, several widely used Chrome extensions, including DualSafe Password Manager and Avast Online Security & Privacy extension, are exposing information either through insecure HTTP transmission or hardcoded leaks.  Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP – ComputerworldRead More