Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.
You must log in or # to comment.
Private APIs that “trusted sites” have access to that can make all sorts of browser-level changes?
So many questions:
-
Why in the hell? No, seriously what big-brain was involved in the idea that some site needs that level of access to my browser?
-
Who didn’t see this coming? I mean if you make basically a secret back door, of COURSE your shit’s getting pwnt as soon as someone else notices it.
Also note to self: don’t install Opera I guess.
-
