Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.

  • schizo@forum.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 hours ago

    Private APIs that “trusted sites” have access to that can make all sorts of browser-level changes?

    So many questions:

    1. Why in the hell? No, seriously what big-brain was involved in the idea that some site needs that level of access to my browser?

    2. Who didn’t see this coming? I mean if you make basically a secret back door, of COURSE your shit’s getting pwnt as soon as someone else notices it.

    Also note to self: don’t install Opera I guess.