Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Briefly

Research from Symantec indicates that several popular Chrome extensions, including DualSafe Password Manager and Avast Online Security, are leaking sensitive data. The leaks occur through insecure HTTP transmissions and through credentials hardcoded in the extensions' JavaScript. Affected extensions could expose API keys, secrets, and even browsing information, making users vulnerable to attacks such as profiling or phishing. Notably, experts warn that using unencrypted HTTP allows attackers to intercept the data in transit, significantly increasing the risk posed by such flaws.
This incident highlights a critical gap in extension security: even popular Chrome extensions can put users at risk when developers cut corners.
Transmitting sensitive data over plain (unencrypted) HTTP exposes browsing domains, machine IDs, operating system details, usage analytics, and uninstall information in plaintext to any on-path observer.
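Both defect classes named above, plaintext `http://` endpoints and secrets embedded as string literals in extension JavaScript, are visible in an unpacked extension's source, so a reviewer can catch them before shipping or installing. The following is an added illustration written for this summary, not tooling from Symantec, CSO Online, or any of the named extensions; it audits a constructed sample extension (all file contents, URLs and the key value are made up, and `.invalid` hostnames are used so nothing resolves) and reports the findings a reviewer would want to see.

```python
"""Static audit of an unpacked Chrome extension for two defect classes:
plaintext http:// endpoints and hardcoded credentials in JavaScript.
Added example; not the tooling of Symantec, CSO Online, or any extension vendor."""
import json
import os
import re
import tempfile

# A plain-HTTP URL literal anywhere in source text (https:// does not match).
HTTP_URL = re.compile(r'\bhttp://[^\s"\'<>)]+')
# Assignments such as API_KEY = "...", apiSecret: '...', token = "..." whose
# value is a string literal of 8+ characters (a deliberately simple heuristic).
SECRET_ASSIGN = re.compile(
    r'(?i)\b(\w*(?:api[_-]?key|secret|token|password))\s*[:=]\s*["\']([^"\']{8,})["\']')
# http:// strings that are XML namespaces / schema identifiers, never fetched.
URL_ALLOWLIST = ("http://www.w3.org/", "http://schemas.")


def audit_extension(ext_dir):
    """Return sorted (kind, relative_path, detail) findings for an unpacked extension."""
    findings = []
    for root, _dirs, files in os.walk(ext_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, ext_dir).replace(os.sep, "/")
            if name == "manifest.json":
                with open(path, encoding="utf-8") as fh:
                    manifest = json.load(fh)
                # MV3 lists match patterns under host_permissions; MV2 mixed them
                # into permissions. A plain-http pattern is informational only,
                # since content scripts may legitimately need it.
                patterns = manifest.get("host_permissions", []) + manifest.get("permissions", [])
                for pat in patterns:
                    if isinstance(pat, str) and pat.startswith("http://"):
                        findings.append(("plaintext_host_permission", rel, pat))
            elif name.endswith(".js"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                for m in HTTP_URL.finditer(text):
                    url = m.group(0)
                    if not url.startswith(URL_ALLOWLIST):
                        findings.append(("plaintext_http_url", rel, url))
                for m in SECRET_ASSIGN.finditer(text):
                    # Report the variable name, never the secret value itself.
                    findings.append(("hardcoded_secret", rel, m.group(1)))
    return sorted(findings)


def build_sample_extension():
    """Write a constructed (not real) extension to a temp dir and return its path."""
    d = tempfile.mkdtemp(prefix="ext_audit_")
    files = {
        "manifest.json": json.dumps({
            "manifest_version": 3, "name": "Constructed Sample", "version": "0.1",
            "host_permissions": ["http://*/*"],
            "background": {"service_worker": "background.js"},
        }),
        # Background worker that phones home over plain HTTP with an embedded key.
        "background.js": (
            'const API_KEY = "AKIA-CONSTRUCTED-SAMPLE-0001"; // constructed value\n'
            'const ENDPOINT = "http://telemetry.example.invalid/collect";\n'
            'chrome.tabs.onUpdated.addListener((id, info, tab) => {\n'
            '  fetch(ENDPOINT + "?host=" + new URL(tab.url).hostname + "&key=" + API_KEY);\n'
            '});\n'),
        # Clean file: an allowlisted namespace string and an https endpoint.
        "safe.js": (
            'const ns = "http://www.w3.org/2000/svg"; // namespace, never fetched\n'
            'fetch("https://api.example.invalid/v1/ping");\n'),
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    for kind, rel, detail in audit_extension(build_sample_extension()):
        print(f"{kind:28} {rel:16} {detail}")
```

Run against a real unpacked extension directory with `audit_extension("/path/to/unpacked")`. The secret heuristic is intentionally narrow and will miss obfuscated or concatenated keys, so treat a clean result as "nothing obvious", not as proof of absence; the plain-HTTP findings, by contrast, are exactly the kind of endpoint that exposes the browsing domains and machine identifiers described above.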
Read at CSO Online