Browser Extension Hacking

Title	Vulnerabilities	Programs	Authors
Universal Code Execution by Chaining Messages in Browser Extensions	Universal XSS SOP Bypass PostMessage RCE Browser Extension Hacking	Undisclosed	Eugene Lim (@Spaceraccoonsec)
“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser	RCE CSP Bypass Browser Extension Hacking Browser Hacking	Opera	Oleg Zaytsev
Party time: Injecting code into Teleparty extension	HTML Injection Open Redirect Browser Extension Hacking	Teleparty	Wladimir Palant (@WPalant)
Yes, fun browser extensions can have vulnerabilities too!	XSS Browser Extension Hacking PostMessage	Meow	Wladimir Palant (@WPalant)
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper	DOM XSS Universal XSS Clickjacking Browser Extension Hacking	Undisclosed	Matthew Bryant (@IAmMandatory)
Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)	SOP Bypass Browser Extension Hacking	Undisclosed	Matthew Bryant (@IAmMandatory)

Page 1 of 1