Thursday, November 30 2023

Chrome extensions can steal plaintext passwords from websites

A team of researchers from the University of Wisconsin-Madison has uploaded a proof-of-concept extension to the Chrome Web Store that can steal plaintext passwords from a website’s source code.

An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.

Additionally, the researchers found that numerous websites with millions of visitors, including some Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them.
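A site owner can audit served markup for the condition described above. The following is an added example, not code from the researchers' report or from this article; it assumes the exposure takes the form of an `<input>` whose `value` attribute is already populated in the HTML, and the name hints and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Substrings suggesting a field holds a password (assumption for this example).
SECRET_NAME_HINTS = ("pass", "pwd")


class PasswordMarkupAuditor(HTMLParser):
    """Flags <input> elements whose served markup already carries a secret."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, field name, reason); the value is never stored

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if not a.get("value"):
            return  # nothing pre-filled in the markup
        input_type = (a.get("type") or "text").lower()
        name = (a.get("name") or a.get("id") or "").lower()
        line, _ = self.getpos()
        if input_type == "password":
            self.findings.append((line, name, "password input served with a value"))
        elif any(hint in name for hint in SECRET_NAME_HINTS):
            self.findings.append(
                (line, name, f"{input_type} input with password-like name served with a value"))


def audit_html(html):
    """Return findings for one HTML document, in source order."""
    auditor = PasswordMarkupAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<form action="/login" method="post">
  <input type="text" name="username" value="alice">
  <input type="password" name="password" value="constructed-secret">
  <input type="hidden" name="csrf_token" value="abc123">
  <input type="password" name="new_password">
  <input type="hidden" name="pwd_backup" value="constructed-secret">
</form>"""

if __name__ == "__main__":
    for line, name, reason in audit_html(SAMPLE_HTML):
        print(f"line {line}: {name!r}: {reason}")
```

Run against rendered responses in a test or CI job, a non-empty result means a credential is present in the page source, where any script with access to the page can read it.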
