Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data. The research shows how a specially crafted web application can bypass Same Origin Policy (SOP) protections by exploiting privileged browser extensions. After analyzing 78,315 extensions that used the specific WebExtension API, the study found 3,996 that were suspicious. Researchers say browser vendors need to review extensions more rigorously. The findings are published in an academic paper titled "Empowering Web Applications with Browser Extensions" (PDF).
Source: https://threatpost.com/web-apps-browser-extensions-backdoors/141061/