viernes, 19 de agosto de 2011

Bug in Chrome Extensions, the cookies are indestructible

Today when I was working on a Chrome Extension, I discovered a strange bug. When I  tried to remove all the Cookies of the browser, the cookies of the Chrome extension persists.
This could be considered a security hole, the main problem is that an extension can insert a cookie and follow you where it wants. The chrome extension can read all the sites that you visit, know all urls, cookies, etc... And the most important problem is that it can send information, is worse than a trojan.

I did a video that shows the problem:

Incredible Google says that this is a feature, not a bug and they won't to fix it.

This is the screenshot of the bug report:

The differences between a bug and a feature by the Chrome team:

No hay comentarios:

Publicar un comentario