Malicious Chrome Extension Exposes Passwords in Plain Text: Researchers Warn of Potential Security Risks
Security researchers from the University of Wisconsin-Madison have unveiled a concerning vulnerability in Google Chrome extensions that could jeopardize user passwords. Their proof-of-concept extension demonstrated how passwords can be extracted in plaintext format from a website’s source code.
The researchers’ investigation focused on text input fields within web browsers and revealed that Chrome grants extensions more privileges than it should due to its coarse-grained permission model. This elevated access allows extensions to retrieve data from text input fields.
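
A defender-side check for the coarse-grained access described above, as an added example that is not from the researchers or the article: it audits an extension's manifest.json for grants that let its scripts run on every site, where page-level scripts can read any text input field. The sample manifests are constructed and the function and constant names are hypothetical; the manifest keys and match patterns are Chrome's own.

```javascript
// Added example: flag extension manifests that grant page access on all sites.
// Match patterns that cover every site (Chrome match-pattern syntax).
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isBroad = (pattern) => BROAD_PATTERNS.has(pattern);

// Returns a list of findings; an empty list means no all-sites page access is declared.
function auditManifest(manifest) {
  const findings = [];
  // Declared content scripts run inside matching pages and can read their DOM,
  // including the current value of input fields.
  for (const script of manifest.content_scripts || []) {
    const broad = (script.matches || []).filter(isBroad);
    if (broad.length > 0) {
      findings.push(`content script ${JSON.stringify(script.js || [])} runs on ${broad.join(", ")}`);
    }
  }
  // Manifest V3 lists host access in host_permissions; V2 mixes it into permissions.
  const apis = manifest.permissions || [];
  const hostGrants = [...(manifest.host_permissions || []), ...apis].filter(isBroad);
  // V3 also needs the "scripting" permission to inject code; V2 needs only host access.
  const canInject = manifest.manifest_version === 2 || apis.includes("scripting");
  if (hostGrants.length > 0 && canInject) {
    findings.push(`programmatic injection allowed on ${hostGrants.join(", ")}`);
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_BROAD = {
  manifest_version: 3,
  permissions: ["storage"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const SAMPLE_SCOPED = {
  manifest_version: 3,
  permissions: ["scripting"],
  host_permissions: ["https://intranet.example.com/*"],
  content_scripts: [{ matches: ["https://intranet.example.com/*"], js: ["content.js"] }],
};
const SAMPLE_INJECT = { manifest_version: 3, permissions: ["scripting"], host_permissions: ["*://*/*"] };

for (const [label, m] of Object.entries({ SAMPLE_BROAD, SAMPLE_SCOPED, SAMPLE_INJECT })) {
  console.log(label, auditManifest(m));
}
```

An empty result only means the manifest declares no all-sites access; an extension scoped to a single site can still read the input fields on that site.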