11 Matching Annotations
  1. Last 7 days
  2. Dec 2019
  3. Nov 2019
  4. Oct 2019
  5. Aug 2017
    1. 6.2 Extension IDs Each extension has an extension ID that follows the browserext:// protocol. For example browserext://MyExtension_c1wakc4j0nefm/options.html browserext://dfcijpibodeoenkablikbkiobbdnkfki/options.html The algorithms that generate these IDs are different for each browser. To access these resources, do not hardcode the ID generated by a particular browser. Instead, use the runtime.getURL() method to convert a relative file name or path to the absolute name or path, which includes the extension ID.

      Vivaldi, as you know, I love your browser and use it primary and multiple times a day, despite it's quirks deviating from Chrome.

      Having said this, can we eliminate the generated file names for extensions, screenshots, and notes?

  6. Aug 2015
    1. When we first set out to identify malicious extensionsour expectation was to find banking trojans and pass-word stealers that duplicated the strategies pioneered byZeus and SpyEye. In practice, the abusive extensionecosystem is drastically different from malicious bina-ries. Monetization hinges on direct or indirect relation-ships with syndicated search partners and ad injection af-filiate programs, some of which earn millions of dollarsfrom infected users [37]. Miscreants derive wealth fromtrafficanduser targetingrather than the computing re-sources or privileged access mediated via the browser. Itmay simply be that the authors of malicious binaries havelittle incentive (or external pressure) to change, leavingextensions to a distinct set of actors. This uncertainty isa strong motivation for exploring the extension ecosys-tem further.

      This is the section that identifies the motives and economics around malicious extensions