Security of Google Chrome Plug-ins and Extensions

Does the Google Chrome plug-in and extension security model allow a plug-in or an extension to hijack certain operations in the browser, such as spoofing DNS name resolution?

How likely is it that an extension, such as LastPass for Chrome, could hijack the browser’s DNS name resolution process in such a way that, when the user is redirected to a site like PayPal, he or she in fact lands on something that looks like PayPal but is not? If an extension or plug-in can hijack the browser’s DNS name resolution process, the browser’s address bar might read http://www.paypal.com/ while the browser has in fact established an HTTP/TCP connection to another Web site that looks like PayPal’s but uses a different, non-legitimate IP address.
