Explore the often overlooked security risks associated with Chrome extensions in this 21-minute conference talk from BSidesSF 2020. Gain insights from Chris Barcellos and Abhi Kafle as they delve into examples of risky and malicious extensions, including popular ones. Learn how Lyft strategically reduced risk at scale and discover valuable lessons for implementing effective security measures. The talk covers topics such as the Chrome Web Store, privacy policies, automated review processes, and user experience approaches, to enhance your understanding of extension-related vulnerabilities and mitigation strategies.
Syllabus
Introduction
The problem
Popular risky extensions
Malicious extensions
Chrome Web Store
Other Extensions
Privacy Policy
The Plan
The Workflow
Automated Review Process
User Experience
Approaches
Summary
Taught by
Security BSides San Francisco