alt Hacker NewsNothing to "fix" per se - webextensions need to interact with website data, otherwise they wouldn't be much use. Any extension with content script access can read page content including form fields.
The only real mitigation is being selective about which extensions you install and what permissions you grant them (even then, ownership of extensions change hands, updates can change what they do... it's a never ending battle really).
Replies
mrWiz • yesterday at 2:42 PM
My naive fix would be to disable extensions from accessing form field data without explicit approval. Hell, add different approval boxes for read, write, and hidden-text.
What am I missing?
➕ show 1 reply
Sounds like the answer is just not to install any extensions. But there are a few browsers out there including DDG and Midori v9.0 & older (Classic) that disable them altogether. Maybe GNOME web is the answer. Thanks.