- Research shows that Manifest V3 could suffer from security issues
- The upgraded Chromium manifest still allows malicious extensions
- Some security tools struggle to identify dangerous extensions
Browser extensions have long been a convenient tool for users, enhancing productivity and streamlining tasks. However, they have also become a prime target for malicious actors looking to exploit vulnerabilities, targeting both individual users and enterprises.
Despite efforts to enhance security, many of these extensions have found ways to exploit loopholes in Google’s latest extension framework, Manifest V3 (MV3).
Recent research by SquareX has revealed how these rogue extensions can still bypass key security measures, exposing millions of users to risks such as data theft, malware, and unauthorized access to sensitive information.
Browser extensions now pose greater threats
Google has always struggled with the issues of extensions in Chrome. In June 2023, the company had to manually remove 32 exploitable extensions that were installed 72 million times before they were taken down.
Google’s previous extension framework, Manifest Version 2 (MV2), was notoriously problematic. It often granted excessive permissions to extensions and allowed scripts to be injected without user awareness, making it easier for attackers to steal data, access sensitive information, and introduce malware.
In response, Google introduced Manifest V3, which aimed to tighten security by limiting permissions and requiring extensions to declare their scripts in advance. While MV3 was expected to resolve the vulnerabilities present in MV2, SquareX’s research shows that it falls short in critical…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
