<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'><id>tag:blogger.com,1999:blog-2471378914199150966.post972601700053404891..comments</id><updated>2011-07-25T01:37:35.469-07:00</updated><category term='mobile'/><category term='linux'/><category term='native client'/><category term='extensions'/><category term='spdy'/><category term='javascript'/><category term='googlechrome'/><category term='html5'/><category term='incognito'/><category term='releases'/><category term='security'/><category term='websockets'/><category term='benchmarks'/><category term='gdd'/><category term='webtiming'/><category term='webgl'/><category term='beta'/><category term='dart'/><category term='accessibility'/><category term='chromeos'/><category term='webkit'/><category term='mac'/><category term='webp'/><category term='ssl'/><category term='devtools'/><category term='chromium'/><category term='v8'/><category term='rlz'/><category term='New Features'/><category term='chrome web store'/><category term='chromeframe'/><category term='cloud print'/><category term='open web'/><title type='text'>Comments on Chromium Blog: Security in Depth: The Extension System</title><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://blog.chromium.org/feeds/972601700053404891/comments/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html'/><author><name>A Googler</name><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator 
version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>8</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-3397632854880004330</id><published>2010-02-06T15:22:45.959-08:00</published><updated>2010-02-06T15:22:45.959-08:00</updated><title type='text'>With Flash &amp;quot;supercookies&amp;quot; being what the...</title><content type='html'>With Flash &amp;quot;supercookies&amp;quot; being what they are, I would almost expect extensions like FlashBlock to be mandatory during an Incognito session.  If the Flash plugin can run both inside of an Incognito session and outside, and if both instances of Flash share the same settings and data (presumably they do, unless Google has done something to sandbox not just running processes, but also their configurations and interactions), then you&amp;#39;re looking at a serious data leak between Incognito and non-Incognito sessions.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/3397632854880004330'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/3397632854880004330'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1265498565959#c3397632854880004330' title=''/><author><name>Brian Enigma</name><uri>http://www.blogger.com/profile/07893770596454694528</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' 
href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-1079103008'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-7804976683886736723</id><published>2010-02-05T20:52:18.263-08:00</published><updated>2010-02-05T20:52:18.263-08:00</updated><title type='text'>Ditto to Asa and Lindsay&amp;#39;s comments re: specif...</title><content type='html'>Ditto to Asa and Lindsay&amp;#39;s comments re: specific warnings and the vast majority not investigating.&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;I love the ideas of the extensions, but I&amp;#39;m not downloading them because of this.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/7804976683886736723'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/7804976683886736723'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1265431938263#c7804976683886736723' title=''/><author><name>Jessica</name><uri>http://www.blogger.com/profile/13787642012452445086</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' 
source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-792460742'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-1925208061185240927</id><published>2010-01-30T13:07:50.694-08:00</published><updated>2010-01-30T13:07:50.694-08:00</updated><title type='text'>I would like the ability to run tabs in incognito ...</title><content type='html'>I would like the ability to run tabs in incognito mode. The way I see it working is that Chrome would maintain a list of web sites / domains which would ALWAYS (except if dynamic incognito is off) be displayed in incognito mode and non-Google extensions would not be available for these pages / domains.&lt;br /&gt;&lt;br /&gt;That being said, I would like to see some Google extensions (or Google certified malware-free extensions) which could be allowed in ALL modes. The types of extensions I would like to see would be security related:&lt;br /&gt;AdBlock Chromium&lt;br /&gt;https Secure&lt;br /&gt;FlashBlock&lt;br /&gt;LastPass&lt;br /&gt;RoboForm&lt;br /&gt;NoScript (not available yet)</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/1925208061185240927'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/1925208061185240927'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1264885670694#c1925208061185240927' title=''/><author><name>BigAL</name><uri>http://www.blogger.com/profile/11674848453969216924</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-229356287'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-279157700847235558</id><published>2010-01-06T17:46:14.635-08:00</published><updated>2010-01-06T17:46:14.635-08:00</updated><title type='text'>Hi!

What I can&amp;#39;t understand is why the extens...</title><content type='html'>Hi!&lt;br /&gt;&lt;br /&gt;What I can&amp;#39;t understand is why the extensions are disabled in incognito pages?&lt;br /&gt;&lt;br /&gt;If the incognito window isolates the page from the history and other items that should be protected, and the extensions &amp;quot;content scripts run in-process with web content&amp;quot; (and they are protected too)&lt;br /&gt;&lt;br /&gt;I have not (yet) got my head inside Chromium&amp;#39;s code, but as I understand it the background page of an extension is unprivileged and shared, and the content scripts have the privileges, and they run in the context of the pages... So there may be a privilege to allow a content script to access the background page from an incognito window (this will prevent incompatible extensions from leaking information), or there will be an ability to load separate content scripts in incognito mode (to provide limited functionality, for example)&lt;br /&gt;&lt;br /&gt;This way, for example, ad blockers and mouse gestures should be able to operate within an incognito window</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/279157700847235558'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/279157700847235558'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1262828774635#c279157700847235558' title=''/><author><name>u-foka</name><uri>http://www.blogger.com/profile/10579820314384709941</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' 
href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-2068269706'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-9110684922655656330</id><published>2009-12-29T09:27:18.290-08:00</published><updated>2009-12-29T09:27:18.290-08:00</updated><title type='text'>Extensions in Chrome are not flexible and informat...</title><content type='html'>Extensions in Chrome are not flexible and informative enough to trust using any extensions not written by Google. The generic warning &amp;quot;This extension will have access to your browsing history and private data for all websites&amp;quot; makes it too dangerous - does private data include saved passwords? The password I enter next time I go to my bank? I&amp;#39;m guessing so, so why can I not specify some addresses that would be exempt? Some extensions (e.g. Adthwart) state that they do not actually do this - so why not give extension writers the ability to write extensions with very limited permissions - i.e. no warning would then be required because they are sandboxed. Then hopefully I would have the ability to search for extensions that match my security preferences. &lt;br /&gt;The warning &amp;quot;This extension will have full access to your computer and private data&amp;quot; is certainly descriptive, but given that the e.g. &amp;#39;IE tab&amp;#39; extension would be very handy, it would be great if some way was provided to extensions, to enable them to do a precise task that I can explicitly allow without giving full access to my computer. 
&lt;br /&gt;I think the majority of malicious SW would be functional with some kind of backdoor functionality, so the vast majority of people would never have cause to investigate the code in detail - Chrome has to be more proactive to give peace of mind.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/9110684922655656330'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/9110684922655656330'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1262107638290#c9110684922655656330' title=''/><author><name>Lindsay</name><uri>http://www.blogger.com/profile/08006630117601140219</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-213335722'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-7911024177484289792</id><published>2009-12-15T12:58:11.952-08:00</published><updated>2009-12-15T12:58:11.952-08:00</updated><title type='text'>The way Google uses the principle of least privile...</title><content type='html'>The way Google uses the principle of least privilege in Chrome is completely useless. In Android, I get a warning before installing an app that tells me what the manifest says it will do. 
In Chrome I don&amp;#39;t get any such warning, I can only install the plugin (and hope it isn&amp;#39;t malicious) and then I can dig through the hidden folders to find the extension and examine the manifest to verify if I bet correctly.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/7911024177484289792'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/7911024177484289792'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1260910691952#c7911024177484289792' title=''/><author><name>Asa</name><uri>http://www.blogger.com/profile/02687773581623766840</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='32' src='http://1.bp.blogspot.com/_qCJy-ZRmG2o/SJtS_dISc5I/AAAAAAAAAa4/YnBYDfLZJ2w/s1600-R/hackergachi.png'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-547988214'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-2956736625825085218</id><published>2009-12-15T12:15:35.447-08:00</published><updated>2009-12-15T12:15:35.447-08:00</updated><title type='text'>Assuming malicious extension has a low reputation ...</title><content type='html'>Assuming malicious extension has a low reputation and assuming users will not install it is a flaky and dangerous assumption. 
First of all, some users will always be scapegoats before it even gets a chance to be tried out and discovered that it is malicious. But what if the extension is actually functional and does its malicious stuff in the background? In other words, what if someone ports a nice and useful Greasemonkey script (like many already do) and in the background also collects passwords? Unless someone gets suspicious and looks at the code, it will not be discovered and can get a high reputation. I have installed a few extensions so far and haven&amp;#39;t bothered to look at the code, so if most people are like me, what is the chance of someone detecting this and warning others? On top of that what if the author manages to overwhelm such warnings with fake good ratings and comments? There are numerous other points that make this a completely flawed assumption.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/2956736625825085218'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/2956736625825085218'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1260908135447#c2956736625825085218' title=''/><author><name>Irha</name><uri>http://www.blogger.com/profile/08459272842182583151</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' 
type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-183649520'/></entry><entry><id>tag:blogger.com,1999:blog-2471378914199150966.post-2704814539213654040</id><published>2009-12-15T01:07:12.340-08:00</published><updated>2009-12-15T01:07:12.340-08:00</updated><title type='text'>What about extensions like Feedly, which give info...</title><content type='html'>What about extensions like Feedly, which give info in their manifest about accessing browser history and private data, which is fine, but as it turns out they use it to automatically register an account with my gmail info on their website. Essentially, when installing the extension, they copy my stuff to their website.&lt;br /&gt;&lt;br /&gt;Is there anything that can be done to warn against that / restrict that?</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/2704814539213654040'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2471378914199150966/972601700053404891/comments/default/2704814539213654040'/><link rel='alternate' type='text/html' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html?showComment=1260868032340#c2704814539213654040' title=''/><author><name>csulok</name><uri>http://www.blogger.com/profile/04680251629428853443</uri><email>noreply@blogger.com</email><gd:image xmlns:gd='http://schemas.google.com/g/2005' rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://blog.chromium.org/2009/12/security-in-depth-extension-system.html' ref='tag:blogger.com,1999:blog-2471378914199150966.post-972601700053404891' source='http://www.blogger.com/feeds/2471378914199150966/posts/default/972601700053404891' 
type='text/html'/><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='blogger.itemClass' value='pid-2123129618'/></entry></feed>
