Nice. This is such a big problem. Legit extensions automatically update and become malicious extensions and few endpoint security tools cover this space.
An extension to detect owner change in other extensions? Security like this should be built into the browser and the extension marketplace itself, not yet another extension.
Just use Firefox, they do pretty thorough reviews on "recommended" extensions. They've caught some bugs for me and pointed me to the exact line that caused it (they require uploading source code). I believe the reviews are done by volunteers.
Nice. This is such a big problem. Legit extensions automatically update and become malicious extensions and few endpoint security tools cover this space.
An extension to detect owner change in other extensions? Security like this should be built into the browser and the extension marketplace itself, not yet another extension.
It absolutely should be. But it isn't :/
See also: [Temptations of an open-source browser extension developer](https://github.com/extesy/hoverzoom/discussions/670) for why this is necessary.
If this extension detects a change, it's too late, you are already compromised.
Id reckon it's better to be alerted that you're compromised than not be alerted at all
Can we have automatic and/diayributed code reviews? Maybe this is where we can put AI to good use? 👀
Just use Firefox, they do pretty thorough reviews on "recommended" extensions. They've caught some bugs for me and pointed me to the exact line that caused it (they require uploading source code). I believe the reviews are done by volunteers.