Yahoo has just released its Axis extension, a visual search tool that links across desktop and mobile devices. But Yahoo managed to leak a private security key in its Chrome version of the app. Hidden among the Chrome source code of the extension is a private, unencrypted certificate that allows Yahoo to sign the app, in the process proving it’s genuine. There’s nothing stopping people from copying it and including it in malicious software, which could trick Google into thinking it was legitimate. Yahoo has since posted a replacement version without the problem, but it’s time to get a grip.”]
Source: https://gizmodo.com/yahoo-manages-to-leak-private-security-key-with-new-chr-5912935