Tool: https://crxaminer.tech/
You spend your time configuring HTTP headers and hardening your containers; meanwhile your CFO just installed a Chrome extension to change Gmail's font to Comic Sans. What are Chrome extensions, exactly?
This video covers my CRXaminer tool, the browser extension ecosystem, high-profile incidents, and challenges associated with building your own security tool: How do you rank findings? How do you communicate each finding and its context? How do you ensure the tool is useful, and to which audience?
Links:
Blog post: https://astarte.security/docs/tools/c...
How John Tuckner bought an extension: https://secureannex.com/blog/buying-b...
Cyberhaven incident writeup: https://www.cyberhaven.com/engineerin...
Rilide infostealer writeup: https://blog.pulsedive.com/rilide-an-...
00:00 Intro to extension security
02:05 Using CRXaminer
04:48 Extension risks
07:14 Interesting incidents
09:55 AI analysis
14:28 Contextualizing security findings
17:49 Best practices