This Site Checks to See If Your Next Chrome Extension Is Safe [lifehacker.com]
A third of all Chrome extensions request access to user data on any site [www.zdnet.com]
Chrome is only as secure as the extensions you use [www.techspot.com]
CRXcavator allows you to check the code powering those Chrome extensions [www.cyberscoop.com]
Democratizing Chrome Extension Security [duo.com]
"The problem we're trying to solve here is that it's really difficult for any individual or organization to look at any given Chrome extension & decide whether or not the risk that the extension brings is acceptable." —@schwascore
— Duo Security (@duosec) February 21, 2019
Learn more in our blog: https://t.co/uMcvJ5L5Fp https://t.co/AJxm1vpNL4
Browser extension security has been a huge blind spot for enterprises, and for browser vendors themselves, but no longer! I'm *so* proud of the work that our team has done here, and *so* excited that we finally get to share it with the world. https://t.co/zwgNNuyLIc
— Adam Goodman (@akgood) February 21, 2019
35% of all Chrome extensions request access to user data on any site.
— Catalin Cimpanu (@campuscodi) February 22, 2019
85% of all Chrome extensions don't have a privacy policy.
9% have access to cookie files.https://t.co/2LZFTbrM3t pic.twitter.com/2SQFtlsnNt
Sysadmins can create a CRXcavator account, install the Chrome extension on their PCs in their fleet, and have report what extensions people have installed. They can later blackball or approve extensions based on their CRXcavator risk scores.
— Catalin Cimpanu (@campuscodi) February 21, 2019
More here: https://t.co/rU9mhJueOJ
We're excited to present CRXcavator (https://t.co/c6vPX30QCs) to help you examine Chrome extensions to understand the risk they could introduce. @crxpert discusses the service's design and just some of our analysis of all the extensions on the Web Store: https://t.co/3CI7ePX06p pic.twitter.com/aOHpeAezs7
— Duo Labs (@duo_labs) February 21, 2019
THIS IS HUGE especially for security review teams at gsuite orgshttps://t.co/nXr4eWuk1T
— Sarah Harvey (@worldwise001) February 21, 2019
From ZDNet: A third of all Chrome extensions request access to user data on any site. Duo Security has found a way to check how much risk they present. https://t.co/g08yPgosB7 via @ZDNet & @campuscodi #Duo
— U-M ITS – Ann Arbor (@umichTECH) February 22, 2019
Eighty-five percent of all Chrome extensions don't have a privacy policy:https://t.co/BeZ8MZrmDA
— Adam Levin (@Adam_K_Levin) February 22, 2019
A third of all Chrome extensions request access to user data on any site | ZDNet https://t.co/S7vg9mNXEI pic.twitter.com/iNPbGAPD90
— Rich Tehrani (@rtehrani) February 22, 2019
Periodic reminder that if you install *any* extension except uBlock Origin in any browser & aren't willing/able to read extension source code, your privacy & safety is at risk // A third of all Chrome extensions request access to user data on any site https://t.co/CYhnCWyPtk
— boB Rudis (@hrbrmstr) February 22, 2019
35% of all Chrome extensions request access to user data on any site.
— Catalin Cimpanu (@campuscodi) February 22, 2019
85% of all Chrome extensions don't have a privacy policy.
9% have access to cookie files.https://t.co/2LZFTbrM3t pic.twitter.com/2SQFtlsnNt
35% of all Chrome extensions request access to user data on any site.
— Catalin Cimpanu (@campuscodi) February 21, 2019
85% of all Chrome extensions don't have a privacy policy.https://t.co/2LZFTbrM3t pic.twitter.com/9O3E1MYDEb
A third of all Chrome extensions request access to user data on any site https://t.co/RYq7fzcrHW via @campuscodi
— ZDNet (@ZDNet) February 22, 2019
#Chrome is only as secure as the extensions you use https://t.co/FvFuz1LNhj $GOOG #Apps
— LNP Server Management (@LNPServerMGMT) February 22, 2019
We're excited to present CRXcavator (https://t.co/c6vPX30QCs) to help you examine Chrome extensions to understand the risk they could introduce. @crxpert discusses the service's design and just some of our analysis of all the extensions on the Web Store: https://t.co/3CI7ePX06p pic.twitter.com/aOHpeAezs7
— Duo Labs (@duo_labs) February 21, 2019
Can you dig it? @duo_labs is excited to announce the public beta of CRXcavator, a free service that analyzes Chrome extensions and produces comprehensive security reports. @crxpert @kylelady @sedward5 @schwascore explain in our blog: https://t.co/uMcvJ5L5Fp pic.twitter.com/eIOcLnUULt
— Duo Security (@duosec) February 21, 2019
"The new tool takes a stab at that security challenge by letting a user enter a Chrome extension and then returning a risk score for the application based on the permissions it grants on a computer." ?
— Duo Security (@duosec) February 22, 2019
Learn more in our blog: https://t.co/uMcvJ5L5Fp https://t.co/QW4RCSBZYU
CRXcavator is "a much needed solution for a long-standing problem," says @helpnetsecurity.
— Duo Security (@duosec) February 22, 2019
Learn more in our blog: https://t.co/uMcvJ5L5Fp https://t.co/1jshkDTA19
"The problem we're trying to solve here is that it's really difficult for any individual or organization to look at any given Chrome extension & decide whether or not the risk that the extension brings is acceptable." —@schwascore
— Duo Security (@duosec) February 21, 2019
Learn more in our blog: https://t.co/uMcvJ5L5Fp https://t.co/AJxm1vpNL4
THIS IS HUGE especially for security review teams at gsuite orgshttps://t.co/nXr4eWuk1T
— Sarah Harvey (@worldwise001) February 21, 2019
Sysadmins can create a CRXcavator account, install the Chrome extension on their PCs in their fleet, and have report what extensions people have installed. They can later blackball or approve extensions based on their CRXcavator risk scores.
— Catalin Cimpanu (@campuscodi) February 21, 2019
More here: https://t.co/rU9mhJueOJ
Can you dig it? @duosec is excited to announce the public beta of CRXcavator, a free service that analyzes #Chrome extensions and produces comprehensive security reports. https://t.co/qr2LoT1v4x@duo_labs #infographic #cybersecurity #mfa #2fa pic.twitter.com/UJVohmWA7c
— ᔕѵϵɴ Ƙυϯɀϵʀ (@SvenKutzer) February 21, 2019
CRXcavator is a free service that analyzes Chrome extensions and produces comprehensive security reports https://t.co/rTaxvn2qdK
— ցҽҽҟղìҟ Ӏąҍʂ (@geeknik) February 21, 2019