Skip to main content

This is a refreshingly good look at why extensions with both full privileged access and dynamic script + style execution are a really bad idea, greatly weakening the CSP on every site:

How insecure is Avast Secure Browser?

Injecting arbitrary scripts and styles ought to require an extra permission and be selectively allowed on a per-site basis.
RE: https://floss.social/@alcinnz/112803562967733831

Adrian Cochrane

2024-07-17 19:49:32


How insecure is Avast Secure Browser? - Almost Secure:
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/


How insecure is Avast Secure Browser?

Another look into Avast Secure Browser shows a massive attack surface, with some issues mentioned five years ago only partially addressed, all while new ways to attack the browser have been added.
Almost Secure
in reply to Seirdy

Seirdy
Seirdy  

As for how my stance on privileged extensions interacts with adblocking:

A layered approach to content blocking


A layered approach to content blocking

My take on where Manifest V3 fits into the current ad-blocking landscape: it has some benefits which should complement but not replace existing approaches
Seirdy’s Home
This entry was edited (2 months ago)
in reply to Seirdy

Pup Keith DX Director's Cut
Pup Keith DX Director's Cut  
@Seirdy sticking my fingers firmly in my ears and rotating every element on your site 1deg
@Seirdy