Explore the world of Chrome extension security in this BSidesLV conference talk. Delve into the Chrome Crusader's journey as Lily Chalupowski shares insights on making Chrome extensions more secure. Learn about JSON files, Chroma Optimizer, hidden icons, and CORS limitations. Discover the potential for creating botnets and classic malware through Chrome extensions. Examine the Chrome Extension Architecture, security headers, and Google's security considerations. Investigate the removal of XSS protection and the implementation of Chrome Site Isolation. Gain valuable knowledge about WebRTC and HSTS while addressing both technical and non-technical aspects of Chrome extension security.
Overview
Syllabus
Introduction
Who is Lily
Agenda
Skills Needed
Warning
Making Chrome Great
Hackers Manifesto
JSON Files
Chroma Optimizer
Hidden Icon
Chorus Limitations
CrossOrigin Resource Sharing
Making a Botnet
You are in fact
Command
Hook
Flask
Classic Malware
Keylogger
Credential stealing
Canada Revenue Agency
Why is this possible
Chrome Extension Architecture
Security Headers
CSP
Google Security Considerations
Childrens Advertisers
Insecurity
Chrome Extensions
Remove XSS Protection
Board Meeting
Chrome Site Isolation
Proof of Concept
Chrome Optimizer
WebRTC
HSTS
Nontechnical question
Taught by
BSidesLV
