Topic: Chrome extensions flaw allows password theft

[Simon]

Extensions in Google Chrome are open to a password-stealing hack, according to a security researcher.

Because such third-party add-ons have access to the document object model (DOM) in the Chrome browser - a key API which manages information - it is possible to create an extension that can read form fields and gather passwords and logins, said Andreas Grech in a blog post.

Grech created a "simple" proof of concept plug-in that stripped such data from well-known web pages as the user logged in, and then emailed it back to him. The flaw works against sites including Gmail, Facebook and Twitter, the researcher claimed.

http://www.pcpro.co.uk/news/security/359362/chrome-extensions-flaw-allows-password-theft

[sam]

eventually all things get hacked.