For years, tech behemoth Google threatened to crack down on browser extension activity within its Chrome browser to improve security. Now, the company is making good on its threats and disabling browser extensions that don't comply with Manifest V3, its browser extension framework. Security experts, such as those at the Electronic Frontier Foundation (EFF), argue that Manifest V3 is not a viable solution for addressing real security concerns, including browser extensions that scrape users' browsing histories and sell the data to the highest bidder.
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth, who presented the findings at the DEF CON 33 security conference earlier this month.