W3C home > Mailing lists > Public > public-browserext@w3.org > March 2016

Security Issues Re: Kick off discussions

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 4 Mar 2016 19:25:50 +0100
To: Jonathan Kingston <jkingston@mozilla.com>
Cc: public-browserext@w3.org
Message-ID: <56D9D32E.4080608@gmail.com>
IMO, Chrome browser extension wouldn't pass a security review because they
(can) inject code in every web-page visited.

Native Messaging extensions OTOH, execute code outside of the browser,
provide dedicated interfaces, and could after a vetting process provide
functionality which the Web probably never will like access to local "Wallets".

Tying such a function to regular browser extensions is IMO nothing but a
rather quirky workaround:
https://github.com/cyberphone/web2native-bridge/blob/master/README.md#security-considerations

Anders
Received on Friday, 4 March 2016 18:26:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:10:00 UTC