- Mar 2, 2023
- 1,247
This is the part that caught my eye.
Malicious Chrome extensions can spoof password managers in new attack
- Thread starter Jonny Quest
- Start date
- Mar 2, 2023
- 1,247
@oldschool I thought about you and your post when I saw this article on Bleeping Computer.
malwaretips.com
Advice Request - What are some secure password manager options for Windows, Android and IOS?
I've recently run out of my paid password provider subscription and was curious as to what some of you would recommend going into 2025. I've seen a lot of posts about Bitwarden, Proton, KeePass and 1password and was wondering if those are still the go-to options or if Nordpass etc are in the...
malwaretips.com
Last edited:
@Jonny Quest, this is quite alarming and hoping that 1Password quickly finds solutions to this for the safety of users.
This is alarming yes! How does a common internet/google/chrome user protect themselves from this sophisticated type of hacking?
- Apr 24, 2016
- 7,677
Only use a minimal amount of trusted extensions
- Mar 29, 2018
- 7,899
This article highlights how the 'chrome.management' API is ripe for the pickings. I personally rely mainly on my little black book for password management, especially critical ones.@oldschool I thought about you and your post when I saw this article on Bleeping Computer.
Advice Request - What are some secure password manager options for Windows, Android and IOS?
I've recently run out of my paid password provider subscription and was curious as to what some of you would recommend going into 2025. I've seen a lot of posts about Bitwarden, Proton, KeePass and 1password and was wondering if those are still the go-to options or if Nordpass etc are in the...
And it goes without saying that users should ...
- Dec 12, 2016
- 1,927
I'm thinking about downloading extensions by their Id rather then searching their name that way I will only get the trusted extension
- Dec 12, 2016
- 1,927
Pretty much not downloading random extensions rather only well vetted ones from popular companies with security standards
- Dec 12, 2016
- 1,927
They can't do anything about it it's a chrome issue and google needs to secure it on as pretty much to this day that store is filled with malicious extensions
- Mar 29, 2018
- 7,899
bazang
Level 12
- Jul 3, 2024
- 551
Knowledge. Not software.
Does this affect a password manager with a local database only?
- Mar 2, 2023
- 1,247
It doesn't sound like it, like with KeePass? That's what I was thinking, that if I were truly concerned, I could uninstall the Proton Pass extensions and just work from the desktop app (in my case) and copy and paste from there. Probably like you could also do with the Bitwarden desktop app.
But would there be a security risk in my doing it that way, as far as what may be stored in Clipboard, or in the browser somewhere, compared to just typing things in?
Last edited:
I meant a password manager with a local database and an extension, but no cloud database. I use Enpass password manager, which has no cloud database. If I'm correct, some password managers have a different password for the cloud database. I guess it would help in this scenario.
yah... at this moment, how can I validate that I have none of those malicious extensions on my PC?
- Mar 29, 2018
- 7,899
Look at your installed extensions, search for compromised extensions, and look at the list like here: Targeted supply chain attack against Chrome browser extensions
Create a security configuration thread of your own here at PC Setup Configuration Help & Showcase and list your extensions. Members will review your config.
What you need is an enterprise browser or whitelisting software . Both will defeat this attack, sadly though this tech is enterprise only at the moment.
or whitelisting software . Both will defeat this attack, sadly though this tech is enterprise only at the moment.
i7ii
Level 1
- Sep 3, 2024
- 30
Similar threads
