alt Hacker NewsIt isn’t exactly. They created a list of known extensions by their id and a file which is known to exist in that extension. The site iterates over each pair and tries to load that file, if it doesn’t error it knows the extension is installed. It’s a clever and difficult manual process, but it does bypass the security trying to prevent this kind of thing.
I read that their reasoning is it exists to block users that use known scraper extensions which bypass their terms of use. But don’t entirely buy that.
Replies
Firefox at least randomizes extension IDs per install. Chrome hands all of that to extension devs, basically a "your problem now".
Does the same scan is happening on firefox? Random websites invoking extensions do seem to be a security hole to me.
So the follow up question, is why is a random website, allowed to try and load arbitrary files?