![]() Yet despite being essentially useless, the Skype extension remained a security and privacy risk. All of its functionality was broken, it being reduced to a bookmark for Skype for Web. ![]() What these users apparently didn’t realize the extension was unmaintained, with the latest release being more than four years old. At the time of writing more than nine million users still remain. The researcher provided further details in a technical blog post today (March 1):īack when I reported the issues, was listed in Chrome Web Store with more than 10 million users. So the website can read it out trivially”. However, he noted that “in a content script context, sessionStorage is no longer extension’s storage, it’s the website’s. Palant discovered that the user identifier was executed in the extension’s content script. RECOMMENDED Data study reveals predictors of supply chain attacks in NPM repositoriesĪccording to the researcher, the flaw resided in the extension’s identity-tracking functionality, which could determine if a user was logged into a Microsoft account. Usernames and profile images can be freely retrieved by Skype name.” “The extension leaks your Skype name to any website interested. “The privacy flaw is simple,” Palant told The Daily Swig. Microsoft has fixed a privacy bug in its Skype extension for Chrome that left millions of users at risk of having their account information leaked.Īfter turning his attention to the Skype-for-Chrome extension, which has nine million installs, security researcher Wladimir Palant discovered a “trivial” bug that allowed websites to ascertain information about user accounts that should typically be off-limits. ![]() Microsoft addresses issue at eleventh hour, as researcher publicly discloses ‘trivial’ privacy bug in browser plugin
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |