Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop.
Sen. Ron Wyden, D-Ore., at a Feb. 24 hearing of the Senate Committee on Energy and Natural Resources. Wyden asked online-testing firm ProctorU to bolster its cybersecurity. (Photo by Leigh Vogel-Pool/Getty Images)
Researchers believe hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users. (Getty Images)
The browser vulnerabilities were first made public a 20-year-old security researcher who says he first notified Microsoft about the issues 10 months ago.
Richard Zhu, in plaid shirt, and Amat Cama, right, watch as they compete in the 2019 Pwn2Own contest with a zero-day exploit against the Microsoft Edge web browser. (Zero Day Initiative / Twitter)