-
And? So does every Chromium-based browser. That's how the custom (read: closed source) extensions work. "Component extensions" are used to interact with them normally: https://chromium.googlesource.com/chromium/src/+/main/extens...
See https://blogs.opera.com/security/2021/09/8000-bug-bounty-hig... and https://blogs.opera.com/security/2021/09/bug-bounty-guest-po... for examples of when there are vulnerabilities in those extensions, and how they can be abused for remote code execution.
Any whitelisted domains for these APIs cannot be written to using user-installed extensions, in order for a malicious extension to not be able to inject a script and execute the special API.
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
Related posts
-
Browsers Are Weird
-
Mozilla CEO received $6,9m salary in 2022, a $2m increase from 2021, meanwhile Firefox has lost 30m of its userbase since 2020.
-
Google gets its way, bakes a user-tracking ad platform directly into Chrome
-
Installing Chrome extension from raw source code
-
How to disable side-panel for right-click search? I just want a new tab!