Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
gbhackers
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code.
This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data manipulation, financial losses, and privacy breaches.
Hardcoded credentials in JavaScript files of browser extensions are accessible to anyone who inspects the extension packages, allowing malicious actors to craft harmful requests ranging from spamming analytics endpoints to hijacking cloud services.
According to Symantec Report, this vulnerability spans a variety of extensions, each serving different functions from online security tools to productivity aids with user bases in the millions, amplifying the scale of the threat.
Vulnerability in Popular Browser Add-ons
Delving into the technical specifics, several high-profile Chrome extensions have been found ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE