Table of Contents: A Thin Layer of Chrome Extension Security; Prior-Art; Isolated But Talkative Worlds; A Quick Disclaimer; Home is Where the manifest.json Is – The Basic Extension Layout; The Extension Architecture, Namespace Isolation and the DOM; The Same Origin Policy (SOP) in the Chrome Extension World; Crossing the Barriers with Injection and Message Passing…

Summary: The “Steam Inventory Helper” Chrome extension, version 1.13.6, suffered from both a DOM-based Cross-site Scripting (XSS) vulnerability and a clickjacking vulnerability. By chaining these two vulnerabilities it is possible to gain JavaScript code execution in the highly privileged context of the extension’s background page. Because the extension declares the “<all_urls>” permission, this vulnerability can be exploited…