ChromeGalvanizer – Harden your browser against extension backdoors and exploits (github.com/mandatoryprogrammer)
101 points by mandatory on May 16, 2020 | 37 comments



Being a FF user I can't use it, but it made me think about the dangers of extensions being hijacked. It would be nice to have as a browser builtin feature a domain based whitelist that enables access to extensions according to a trust level, so that for example any new encountered domain can be accessed by all extensions by default, but if I assign say my bank domain a level of N, only extensions whose trust level exceeds that N number would be able to access its data while others would be bypassed, then a fixed maximum value of say 10 would mean all extensions bypassed for the paranoid. Probably even a trusted/not trusted flag would suffice, but just in case one wants to differentiate between locally written and installed extensions that can't self update, then official and non official ones. Doable?


One way to accomplish this is to just use private windows for your banking or other critical sites, and then don't let extensions run in private windows. You can configure this per extension in Firefox and Chrome.


A simpler, if perhaps unnecessarily heavyweight, way of doing this is to have separate accounts on the same computer. My email has its own account, and allows cookies there (it's gmail). I have to switch accounts to do mail but that's not so bothersome, perhaps even an advantage for some as it might help not jumping every time a mail arrives.

Using private X in the browser requires trusting the browser; this way you can have the OS isolate processes, which has to be stronger.


Why not have two different browsers installed. One for banking etc and the other for everyday use with all the plugins installed.


Consider filing an enhancement request: https://bugzilla.mozilla.org/enter_bug.cgi?product=DevTools

You'd not want to simplify it too much in its core, though. That'd exclude advanced configurations outright.


I use Edge (the latest version) for my banking related work. The experience is same as chrome, and I don't have any browser extensions installed there.


I've made it a rule to right click all chrome extension icons and then set them to "This can read and change data > On www.example.com" on sites where I really intend to use them. This prevents them from reading all sites but also prevents the annoyance of reloading the page every time you need to use the extension. Also some extensions like Likepass inject some really ugly HTML into form fields (it also takes care of that).

It's a pretty useful feature that many people miss.


Phenomenal! Thank you!

I've personally just switched from Chrome to Brave. Funnily enough, Chrome was causing my computer to seize all the time while Brave does not, even though it's still built on Chromium. But I took the opportunity to go ahead and clear out a number of extensions. Feels so much better. Your browser can really get cluttered over the years!


That's a good feature, but not applicable to my setup. What I'd like is more limitations, say Grammarly can only run on pages with textareas.


This. Is. Epic. Completely missed it. Thank you so much.


This sounds great, I will try. Is it somehow possible to restrict the internet access of a single extension? For example I have an add-http-header extension that has no reason to create connection to an outside server.


Not sure if this answers your specific question, but you can limit the sites that an extension can run on. I recently discovered that Chrome offers this feature (right click the extension icon and select Manage Extension to access), and it saved me from having to build a site whitelist feature for my extension. [1] It already has a blacklist feature, and I was going to build a whitelist feature due to user requests. Then I discovered that this functionality is built into all Chrome extensions.

Unfortunately it doesn’t seem to exist on Firefox.

1: https://chrome.google.com/webstore/detail/beeline-reader/ifj...


If it can modify the DOM or even display its own HTML-based UI, that might be hard because it can embed an external image, and the loading of that image would contact an external website.


Just tested in Windows with a registry file generated via the linked web interface[0]. Dark Reader was not prevented from accessing sites that should have been excluded based on the imported policy, even after a reboot. Has anyone successfully tested Chrome Galvanizer?

[0] https://thehackerblog.com/galvanizer/


I tested the following on Mac:

1. Block "*" from accessing "*://mail.google.com"

2. Install the config

3. Go to chrome://policy/ and click "Reload policies"

4. Open Gmail. Dark Reader doesn't work anymore.


Thanks very much - will test on macOS next.

EDIT: It must be me, as I am still not having any luck. I just tested in a slightly older macOS VM (10.12) with Google Chrome 81; even after installing the profile, Dark Reader continues to work on sites that should be excluded.


Author here, can you provide the generated policy for me to take a look at?


Thanks very much for replying.

Here is the generated reg file:

  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
  "ExtensionSettings"="{\"*\":{\"runtime_blocked_hosts\":[\"*://ycombinator.com\",\"*://boh.com\"]}}"

Tested in a new Windows 10 x64 (2004) VM with a new install of Google Chrome 81.
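The policy format being debugged above (Chrome's ExtensionSettings policy with runtime_blocked_hosts, written to HKLM as a .reg file), as an added example that is not ChromeGalvanizer's own code. It builds the policy object, validates each host pattern, renders the same registry text as the generated file in the comment, and includes a matcher that shows which URLs a pattern actually covers. The accepted pattern grammar (scheme://host[:port], no path, optional "*." prefix for subdomains) is my reading of Chrome's match-pattern rules and is an assumption; the key point it illustrates is that "*://ycombinator.com" names only that exact host, while "*://*.ycombinator.com" is needed to also cover news.ycombinator.com, which is worth checking whenever a policy appears not to apply.

```javascript
// Added example (not ChromeGalvanizer's code): build a Chrome ExtensionSettings
// policy with runtime_blocked_hosts, check which URLs each pattern blocks, and
// render it as the HKLM .reg text Chrome reads on Windows.
'use strict';

// Host patterns accepted here (assumption based on Chrome's match-pattern rules
// for runtime_blocked_hosts): <scheme>://<host>[:port] with no path, scheme one
// of http, https, ftp or *, and an optional "*." prefix meaning "this host and
// every subdomain of it".
const HOST_PATTERN = /^(\*|https?|ftp):\/\/(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\*|\d{1,5}))?$/i;

function validateHostPattern(pattern) {
  if (!HOST_PATTERN.test(pattern)) {
    throw new Error(`invalid runtime_blocked_hosts pattern: ${pattern}`);
  }
  return pattern;
}

// Does `pattern` cover `url`? A bare host matches only itself;
// "*.example.com" matches example.com and every subdomain.
function patternBlocksUrl(pattern, url) {
  const m = HOST_PATTERN.exec(pattern);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const u = new URL(url);
  const urlScheme = u.protocol.replace(/:$/, '');
  if (scheme !== '*' && scheme.toLowerCase() !== urlScheme) return false;
  const h = u.hostname.toLowerCase();
  if (host !== '*') {
    if (host.startsWith('*.')) {
      const base = host.slice(2).toLowerCase();
      if (h !== base && !h.endsWith('.' + base)) return false;
    } else if (h !== host.toLowerCase()) {
      return false;
    }
  }
  if (port && port !== '*') {
    const urlPort = u.port || { http: '80', https: '443', ftp: '21' }[urlScheme];
    if (urlPort !== port) return false;
  }
  return true;
}

// Chrome extension IDs are 32 letters a-p. The "*" entry is the default applied
// to every extension that has no entry of its own.
const EXTENSION_ID = /^[a-p]{32}$/;

// rules: { '*': ['*://*.example.com', ...], '<32-char extension id>': [...] }
function buildExtensionSettings(rules) {
  const settings = {};
  for (const [id, hosts] of Object.entries(rules)) {
    if (id !== '*' && !EXTENSION_ID.test(id)) {
      throw new Error(`not a Chrome extension id: ${id}`);
    }
    settings[id] = { runtime_blocked_hosts: hosts.map(validateHostPattern) };
  }
  return settings;
}

// .reg string values escape backslash and double quote with a backslash, which
// is why the JSON's quotes show up as \" in the generated registry file.
function toRegFile(settings) {
  const json = JSON.stringify(settings).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
  return [
    'Windows Registry Editor Version 5.00',
    '',
    '[HKEY_LOCAL_MACHINE\\Software\\Policies\\Google\\Chrome]',
    `"ExtensionSettings"="${json}"`,
    '',
  ].join('\r\n');
}

// Constructed sample: block every extension from HN (including subdomains) and Gmail.
const samplePolicy = buildExtensionSettings({ '*': ['*://*.ycombinator.com', '*://mail.google.com'] });
console.log(toRegFile(samplePolicy));
console.log(patternBlocksUrl('*://ycombinator.com', 'https://news.ycombinator.com/'));   // exact host only
console.log(patternBlocksUrl('*://*.ycombinator.com', 'https://news.ycombinator.com/')); // covers subdomains
```

Run it with node; the first printed line group is the .reg text to import, and the two booleans show the difference between the bare-host and "*." forms of the same pattern.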


How strange, it works for me (although it took a second to propagate) - testing with a Win10 x64 VM as well: https://i.imgur.com/jr534JN.png

If you click "Reload policies" under the chrome://policy page does it kick in after ~15 seconds?


Thank you - it must be me. Had the same issue in a macOS 10.12 VM with Chrome 81. Here's a screen recording of the issue in the Windows 10 x64 (2004) VM: https://tinyapps.neocities.org/cg.mp4 . Tried reloading policies in chrome://policy and waiting 15 seconds as well, but there was no change.


Could it be caused by extension load order?


I've played with it fairly extensively in a brand new Windows 10 VM, trying various permutations, but still cannot get it to work as intended. superasn's suggestion[0] to set site access permissions via Preferences > Extensions > Details (for the extension in question) > "Site access" worked a treat for me.

[0] https://news.ycombinator.com/item?id=23207540


> Using Chrome Galvanizer, you can protect yourself from attacks like this by specifying specific sites that one or all of your extensions can no longer access. For the MEGA case, if users had created a policy restricting access for the MEGA extension to access amazon.com, live.com, github.com, google.com, myetherwallet.com, mymonero.com, and idex.market then they'd be protected from the attack.

You might as well turn off the internet for some.


It's a challenge to weigh up the risk of not using an adblocker versus the risk of the extension getting compromised.

I guess that solutions like DNS-level blocking or custom hosts files are a fair balance, but I still like the DOM-based per-element control found within adblock extensions.

And then I see people with like 20 extensions installed...


Ultimately it's a trust tradeoff. Extensions should only be installed from incredibly trusted "I'd give this entity my passwords and my bank info for safekeeping" level trust. Because that's essentially the access a lot of browser extensions have.

The easiest way to protect your browser from exploits is to disable or whitelist extensions. At the office we block all but a small handful of extensions we've vetted, and we're very hesitant to add more without very good cause. Do this at home too.


Even for extensions you trust, if their domain expires, it can be minutes later that it is pushing an update.

Actually ... Chrome extensions should have a trust policy wrt domain age, meaning a newly refreshed domain (via expiration) shouldn't be able to push an update for X days.

edit, forgot to mention that this applies to all plugin systems, many which provide vectors of attack against programmers, many of whom can affect global infrastructure.

So VSCode, IntelliJ, etc can be used to inject code into the client as well.


Chrome extensions should be signed and should prevent updates of extensions if the new version was signed by a different key from the one that signed the current one, until the user manually approves it.


The problem is malicious actors will only buy the extension conditional on the author handing over the signing key as well.


Most users will click straight through the approval though, like when they granted it full permissions at install.

And is the signing actually effective anyway? There's very little mention of it online, and as far as I can see it isn't covered in the official guide for publishing extensions.

Is it even possible to have proper signing keys stored locally or air-gapped?


No, just straight up refuse unless the new signing key got approved by the old one. Hard-block. Why shouldn't it?


To be honest that problem exists for essentially any software that auto-updates.

You just have to hope that the built-in integrity checking (if any) works and is effective.

That's why I like software distribution methodologies that rely purely on signing to verify authenticity, rather than simply the location that it was downloaded from. I can technically use any old dodgy Apt mirror that I want, as long as I only accept packages signed by trusted keys.

As a side note, it's shocking how many software providers say that their downloads are 'integrity checked' just because they're served over HTTPS.


Adblockers are still useful to block annoying scripts and softpaywalls.

Yes, I know NoScript exists, but it breaks many if not most websites, and after a few weeks of managing exceptions most users would disable it. And heck, a few weeks is likely generous; most users would disable it after a few hours if not minutes.


I open Chrome once in a while for testing or on the rare occasion something only works there, so maybe this is useful for those occasions. But if you're serious about security and privacy shouldn't you be avoiding Chrome as your regular browser?


I can see where you're coming from on the privacy bit, but from a security point of view, Chrome/Chromium is generally a well-secured browser.

Yes it's not written in a memory-safe language, but drive-by exploits and attacks that escape the sandbox are exceedingly rare in Chrome, even if you're running an older version.

Of course if you add extensions and Flash to the mix, the security is degraded, but with a normal Chrome install it's fairly hard to do something bad in one tab that will negatively impact another.


On malicious extensions and stealing login credentials specifically, what's bad about Chrome?


Since it's the more popular browser for non-tech people (I'd imagine Firefox leans more towards tech/privacy-conscious people than 'normal' users), it's probably the first one targeted for auto-extension installation by malware.


Who uses this?



