Blog
Share This Post
[ad_1]
Malicious actors could have compromised the Opera browser’s private APIs through a malicious extension on the Chrome Web Store exploiting a recently addressed vulnerability as part of the CrossBarking attack, The Hacker News reports.
Included within the extension were content scripts that could be leveraged to compromise Opera’s overly permissive domains, secure API access, capture open tab screenshots, obtain session cookies, and alter DNS-over-HTTPS settings, which could be followed by adversary-in-the-middle intrusions, according to a study from Guardio Labs. Such findings, which come months after the discovery of the Opera MyFlaw bug, indicate the need for more stringent measures to ensure the safety of browser extensions, said Guardio Labs Head Nati Tal. “The current review model falls short; we recommend bolstering it with additional manpower and continuous analysis methods that monitor an extension’s activity even post-approval. Additionally, enforcing real identity verification for developer accounts is crucial, so simply using a free email and a prepaid credit card is insufficient for registration,” said Tal.
Get essential knowledge and practical strategies to fortify your applications.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
