Web Browser Extension APIs Vulnerable to Attacks

French researcher Dolière Francis Somé tested and discovered vulnerabilities in browser extension APIs for Chrome, Firefox, and Opera. He found that a threat actor can use the extensions to hijack a user’s active login session and access user data, or trigger the download of malicious files into storage. He contacted the browser vendors, and most of the vulnerable extensions have been removed; however, some are still pending removal or a fix. The NJCCIC recommends installing extensions only if needed and inspecting the permissions they request. More details on the vulnerable extensions and a tool to test extensions can be found in the ZDNet blog post and in Somé’s research paper.