Chrome extensions that contain malware aren't written and submitted to the chrom... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Afforess on Feb 22, 2023 \| parent \| context \| favorite \| on: Let's build a Chrome extension that steals as much... Chrome extensions that contain malware aren't written and submitted to the chrome store hoping to sneak past review. Malware authors _purchase_ the intellectual property of fulling functioning, useful extensions, and update them to contain their extra malware payload. I'm not sure where you got the idea that a review would be involved here at all.

jsnell on Feb 22, 2023 [–]

AFAIK updates go through a review process as well.

Reducing the attack surface has similar benefits for this case. There will be fewer extensions with dangerous permissions around for bad actors to buy, and the the reviews for the remaining legit use cases for those dangerous permissions can be stricter.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact