InfoSec News Nuggets 09/05/2023
Chrome extensions can steal plaintext passwords from websites A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors,…