[tor-bugs] #5566 [- Select a component]: One magic flag to hardening Chrome CRX and prevent CSP abuse - {"manifest_version": 2}
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Apr 4 05:33:36 UTC 2012
#5566: One magic flag to hardening Chrome CRX and prevent CSP abuse -
{"manifest_version": 2}
----------------------------------+-----------------------------------------
Reporter: jaedo | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Since Google Chrome 18 stable released, it's preferably to use
"manifest_version": 2 in manifest.json because Content Security Policy by
default is too weakly.
At least it possible to detect chrome extension by requesting crx
resources via internal protocol.
That's the demo http://www.browserleaks.com/chrome it can detect that I
have HTTPS Everywhere installed.
And more about CSP in point of chrome extensions found here
http://code.google.com/chrome/extensions/trunk/contentSecurityPolicy.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5566>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list