this post was submitted on 09 Sep 2023
22 points (95.8% liked)
Linux and Tech News
1017 readers
29 users here now
This is where all the News about Linux and Linux adjacent things goes. We'll use some of the articles here for the show! You can watch or listen at:
You can also get involved at our forum here on Lemmy:
Or just get the most recent episode of the show here:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
From my reading, yes, that's how the others work, too. Extensions can grab passwords from the password field itself before you get to submit them and record them elsewhere.
This bit of information may not be new, but the proof of concept, submitted to Google's extension store, is. It's proof you can yank passwords automatically placed there by managers in Chrome using an extension created expressly to do that and served up by Google. And Manifest v3, Google's new set of extension changes aimed at beefing up security, does nothing to prevent this.
Now, the finger pointing ensues.