<div dir="auto">Browser extensions (by default) inject code in every page. It is hard to see how such a system can be secure and at the same time offer added functionality.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 1, 2022, 02:33 Nat Sakimura via Openid-specs-fapi &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Interesting attack. <div dir="auto"><br></div><div dir="auto"><a href="https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/" target="_blank" rel="noreferrer">https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/</a></div></div>
</blockquote></div>