Sign in / up

back to article Chrome extensions crocked with simple attack

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page. Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. jamesb2147

    "__________ with this one weird trick"

    I can only hope this was meant to be humorous.

    Please don't attempt this humor again. Click-baiting is not something to laugh about.

    10 0 Reply
    1. Daniel Hall
      Reply Icon

      Re: "__________ with this one weird trick"

      When I saw (seen?) that headline, it sent shivers down my neck!

      I agree, Reg, dont do that again!

      3 0 Reply
  2. pixl97

    In kind of a reverse attack from this I've recently ran into a different bug with HSTS and chrome with a logged in google profile.

    I accidently redirected a site to the wrong IP. The second site has an HSTS header set for a different domain which expectedly errored out. Set the IP back to the correct site which does not have SSL listening at all, but now chrome tries to visit the site using https which breaks. The built in tool to delete HSTS doesn't show any entry and will not delete the site from the local HSTS database. Tried deleting all the chrome settings in the user profile but the issue keeps showing up (it doesn't show up for other logged in users on the computer), and I 'think', but am not sure that it comes back with the users settings that are stored on google.

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like