Hacker News new | past | comments | ask | show | jobs | submit login

Just read the source code.



Not good enough to protect against the kinds of attacks that OP is warning against. Chrome extensions update automatically and there have been many cases of extensions being purchased by malicious actors who modify the code to be spyware or adware.

You can download the current version and install it manually to get around that. If you do that and read the code you're probably safe.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


So the problem is in the behaviour of the browser, but not the extension.

Read the code, don't update 'till you read the code, don't use the browser which knows better what is good for you.


Seems to me fine grained access controls would go a long way. The extension gets access to specific capabilities. Such as network connectivity. Local extensions have a much smaller blast radius.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: