Who is watching your webcam? The story of the Screencastify Chrome extension …



We’ve often warned about the risks of browser extensions – not just for Chrome, but for any browser out there.

This is because browser extensions are not subject to the same strict controls as the content of the web pages you download, otherwise they will not. ExtensionsA

They will be basically locally cached web pages.

An ad-blocker or a password manager that was locked down so it wouldn’t be too much use to work on just one website; A tab manager that can only handle one tab or site at a time would not be very helpful; And so on

Web pages are not supposed to be able to override any controls imposed by the browser, so they cannot change the address bar to display a fake server name, or bypass it. Are you sure? The dialog that verifies that you really want to download that Word document to your hard disk.

Browser extensions, on the other hand, are thought to be able to extend and modify the browser’s own behavior.

Among other things, browser extensions can:

  • Peek What will be shown in each tab after decrypting it.
  • Change What finally appears.
  • See and tweak Everything you type or upload before it is sent.
  • Read and write File on your local hard disk.
  • Launch or MonitoAnd other programs.
  • Access hardware Such as webcams and microphones.

Screencastify An example of a browser extension that provides a popular feature that is not possible with just one website, such as capturing some or all of your screen so you can share it with other users.

The extension makes 10,000,000+ users proud (apparently, no higher category, no matter how many users you visit), and invites you Custom description, from:

Security researcher Vladimir Palant, himself an extension developer, made the decision See ScreencastifyGiven its popularity.

Earlier this week, he said Published What he found.

Among other things, his report is a well-written reminder of how difficult it can be to find out who you trust on the web when you decide to use an app or service from Company X.