Slow mist cosine: Users need to be aware of permission requests for browser extensions and have an isolated mindset

ChainCatcher News, Slow Mist Cosine posted on the X platform: "An extension will do evil, such as stealing cookies from the target page, privacy in localStorage (such as account permission information, private key information), DOM tampering, request hijacking, clipboard content acquisition, etc." You can configure the relevant permissions on manifest.json. If the user doesn't pay attention to the extension's permission request, it's in trouble. But if an extension wants to do evil, it is not easy to directly engage in other extensions, such as well-known wallet extensions... Because the sandbox isolated... For example, it is impossible to directly steal the private key/mnemonic information stored in the wallet extension. If you are worried about the permission risk of an extension, it is actually very easy to judge this risk, you can not use it after installing the extension, look at the extension ID, search for the local path of the computer, find the manifest.json file in the root directory of the extension, and throw the content of the file directly to the AI for permission risk interpretation. If you have an isolated mindset, you can consider enabling Chrome Profile separately for unfamiliar extensions, at least the evil can be controlled, and most extensions don't need to be turned on all the time. ”