Well, yeah, of course they can. They can read the entire DOM, including the value of password fields. Were you expecting otherwise?
this post was submitted on 02 Sep 2023
27 points (96.6% liked)
Cybersecurity News
1331 readers
5 users here now
Welcome to Cybersecurity News!
A community that collect news and other tidbits related to cybersecurity in all its domains.
There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.
We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.
New to Cybersecurity?
Here are some resources to get you started:
Related Communities
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
founded 1 year ago
MODERATORS
Great!
There's a bit of crying wolf here, as the problem is that extensions can access input fields that may be password fields (actual problem with extension access rights), and secondarily the researchers found sites storing passwords in plaintext in the page source (nothing to do with extensions having too much rights and everything to do with those sites being garbage).
Anyway, didn't Chrome change how their extensions worked around a year ago to make them more secure and limit their access?
Thought it caused problems for ad-blockers. Guess it really was all about kicking adblockers and not a single bit about security for users.
brave browser? adguard for desktop?
That's like 20 years old news.