Mozilla has incorrectly flagged uBlock Origin Lite

Edit: there is an update to this story: https://infosec.exchange/@iampytest1/113159902911104479

https://github.com/uBlockOrigin/uBOL-home/issues/197#issuecomment-2329365796

#uBlockOrigin #uBlockOriginLite #MozillaAddons #AddonSecurity #BrowserExtensionSecurity

According to @ajayyy, the maintainer of SponsorBlock, typing "uBlock" into the Chrome Web Store search directs users to "uBlock" instead of uBlock Origin.
Actually searching returns both extensions.
This is because Google no longer gives MV2 extensions "featured" status, which elevates them in search predictions.

https://github.com/uBlockOrigin/uBlock-issues/discussions/2977#discussioncomment-9906082

#uBlockOrigin #uBlock #mv3 #chromeWebstore #browserExtensionSecurity

Be aware: in Chromium browsers, browser extension session storage is leaked into content script processes, and thus can be stolen by websites if they can compromise the content script.
The sky isn't falling, but something to be aware of.

https://bugs.chromium.org/p/chromium/issues/detail?id=1342046 (from https://github.com/w3c/webextensions/issues/72#issuecomment-1762785846)

#browserextensionsecurity #chromiumsecurity

Just another reason to limit your browser extensions: https://vitonsky.net/blog/2023/09/01/malware-in-browser-extensions/

Of course, it's hard to know if a developer will give in and include malware in their extension.

#browserextensionmalware #browserextensions #browserextensionsecurity