I'll grab all the data from you and you won’t even know about it. I am a browser extension
Let's take a look at the browser address bar. How many extensions do you have? Browser extensions can use permissions, content and background scripts to get almost full access to web-pages. Such mechanisms are used by almost any extension: adblockers, dev tools, etc. Extensions can collect user data, parse phones and emails and put them in spam databases. Also, extensions can show their own ads on other websites. The worst thing is that neither user nor website developers can find out it. In what environment are browser extensions executed? How can we detect this? Are we able to do it? How can we defend ourselves? Let's dive into this arms race.
Lead frontend developer at HeadHunter. Started from an intern at HeadHunter developers school and now he has been teaching for over 5 years in this school. Nikita has been working at 5 different teams during all career. A member of the architecture team for the last year. The security of user data, the architecture, and the infrastructure of the project are the most important things at his work.