Great research from Palant on how extensions are still loading and executing remote code with Manifest V3. The dynamic declarativeNetRequest is dangerous and often removes 'Content-Security-Policy' headers, leaving users exposed.

https://palant.info/2025/02/03/analysis-of-an-advanced-mal…
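
A defender-side check for the header stripping mentioned above, as an added example that is not part of the original post or of the linked research: it scans declarativeNetRequest rules for `modifyHeaders` actions that remove or replace a Content-Security-Policy response header. The function name, the watched-header list and the sample rules are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper): flag declarativeNetRequest rules that
// strip or overwrite CSP response headers. Input is an array of rule objects
// in the declarativeNetRequest rule format, e.g. a static rules JSON file or
// the result of chrome.declarativeNetRequest.getDynamicRules() when run
// inside the extension (dynamic rules never appear in the package itself).
const WATCHED_HEADERS = new Set([
  "content-security-policy",
  "content-security-policy-report-only",
]);

function findCspTampering(rules) {
  const findings = [];
  for (const rule of rules) {
    const action = rule.action || {};
    if (action.type !== "modifyHeaders") continue;
    for (const h of action.responseHeaders || []) {
      const name = String(h.header || "").toLowerCase(); // header names are case-insensitive
      if (!WATCHED_HEADERS.has(name)) continue;
      // "remove" drops the policy; "set" replaces it with the extension's own.
      // "append" is not flagged: an additional CSP can only tighten the policy.
      if (h.operation !== "remove" && h.operation !== "set") continue;
      const cond = rule.condition || {};
      findings.push({
        ruleId: rule.id,
        header: name,
        operation: h.operation,
        scope: cond.urlFilter || cond.regexFilter || "(all URLs)",
        resourceTypes: cond.resourceTypes || [],
      });
    }
  }
  return findings;
}

// Constructed sample rules, not taken from any real extension.
const sampleRules = [
  { id: 1, action: { type: "block" }, condition: { urlFilter: "||ads.example^" } },
  { id: 2, action: { type: "modifyHeaders",
      responseHeaders: [{ header: "Content-Security-Policy", operation: "remove" }] },
    condition: { resourceTypes: ["main_frame", "sub_frame"] } },
  { id: 3, action: { type: "modifyHeaders",
      requestHeaders: [{ header: "User-Agent", operation: "set", value: "x" }] },
    condition: { urlFilter: "||example.com^" } },
  { id: 4, action: { type: "modifyHeaders",
      responseHeaders: [{ header: "content-security-policy", operation: "set", value: "default-src *" }] },
    condition: { urlFilter: "||example.org^", resourceTypes: ["main_frame"] } },
];

console.log(findCspTampering(sampleRules));
```

A rule with no `urlFilter` or `regexFilter` that targets `main_frame` deserves the closest look, since it affects every page the user visits.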
