Electronic Frontier Foundation – 31 Jul 19 Instead, after years of missed opportunities, Google has given us Manifest V3: a nineteen-page document with just one paragraph regarding remote code execution-the actual extension capabilities oversight that continues to allow malicious extensions to exfiltrate your browsing history. It could have invested in automated and manual extension review. It could have started responding promptly to extension abuse reports. Google could have banned remote code execution a long time ago. EFF said it best, way back in 2019 no less, and nothing has changed since: Virtually every expert on the subject outside of Google agrees that MV3 has basically nothing to do with security, and everything to do with limiting user control of the web (as Google’s proposals often do, e.g. Google being incompetent at blocking malware is their own separate problem which won’t be solved by MV3 anyways, because malicious extensions will be just as empowered to skim pages and exfiltrate your data as they ever were. Google bundling that change with every other regression in MV3 is not something they have to do to fix that problem, they could’ve just done so in a Chrome/Web Store policy or something ages ago. Of course banning remotely hosted JavaScript code does make sense, it’s the only part of MV3 which actually addresses a security concern. MV3 equates to a less secure and less private internet as a result. The changes in MV3 are largely feature regressions that have nothing to do with security, and everything to do with preventing actual privacy/security tools from working properly.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |