Slow mist cosine: Users need to pay attention to the permission request of browser extensions and have an isolated thinking

Odaily Planet Daily News Slow Mist Cosine posted on the X platform: "An extension wants to do evil, such as stealing cookies from the target page, privacy in localStorage (such as account permission information, private key information), DOM tampering, request hijacking, clipboard content acquisition, etc." You can configure the relevant permissions on manifest.json. If the user doesn't pay attention to the extension's permission request, it's in trouble. But if an extension wants to do evil, it is not easy to directly engage in other extensions, such as well-known wallet extensions... Because the sandbox isolated... For example, it is impossible to directly steal the private key/mnemonic information stored in the wallet extension. If you are worried about the permission risk of an extension, it is actually very easy to judge this risk, you can not use it after installing the extension, look at the extension ID, search for the local path of the computer, find the manifest.json file in the root directory of the extension, and throw the content of the file directly to the AI for permission risk interpretation. If you have an isolation mentality, you can consider enabling Chrome Profile separately for unfamiliar extensions, at least to control the evil, and most extensions don't need to be turned on all the time. ”