mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 12:51:34 -05:00
Grammar fix
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
826f87ad7a
commit
a035af3df8
@ -19,7 +19,7 @@ On top of the [obvious problem](#the-obvious-problem) mentioned above, there are
|
|||||||
|
|
||||||
The problem here is that adblockers (especially with Manifest v2) are highly privileged and have access to all of your data within the browser. All it takes is for the extension developer to turn malicious for your passwords, session ids, TOTP secrets, etc to get compromised. Even if you were to assume that the extension developer is trustworthy, one vulnerability within the extension could still be catastrophic. This is made worse by the fact that adblockers typically use third-party blocklists, extending trust to the blocklist maintainers to not exploit the extension should a vulnerability be found. The ["uBlock, I exfiltrate"](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) blog post describes in detail how a CSS injection vulnerability in uBlockOrigin lead to data exfiltration with one single bad filtering rule.
|
The problem here is that adblockers (especially with Manifest v2) are highly privileged and have access to all of your data within the browser. All it takes is for the extension developer to turn malicious for your passwords, session ids, TOTP secrets, etc to get compromised. Even if you were to assume that the extension developer is trustworthy, one vulnerability within the extension could still be catastrophic. This is made worse by the fact that adblockers typically use third-party blocklists, extending trust to the blocklist maintainers to not exploit the extension should a vulnerability be found. The ["uBlock, I exfiltrate"](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) blog post describes in detail how a CSS injection vulnerability in uBlockOrigin lead to data exfiltration with one single bad filtering rule.
|
||||||
|
|
||||||
Overall, adblockers increase your attack surface for dubious privacy benefits. If you insist on getting an adblocker however, I highly recommend that you use purely declarative, permission less Manifest V3 ones like [uBO Minus](https://chrome.google.com/webstore/detail/ubo-minus-mv3/ddkjiahejlhfcafbddmgiahcphecmpfh). While they do block fewer ads and trackers than their Manifest V2 counterparts and V3 extensions with "Read and change all your data on all websites", they pose much less of a threat to your privacy and security while still providing the convenniece that of blocking annoyances.
|
Overall, adblockers increase your attack surface for dubious privacy benefits. If you insist on getting an adblocker however, I highly recommend that you use purely declarative, permission less Manifest V3 ones like [uBO Minus](https://chrome.google.com/webstore/detail/ubo-minus-mv3/ddkjiahejlhfcafbddmgiahcphecmpfh). While they do block fewer ads and trackers than their Manifest V2 counterparts and V3 extensions with "Read and change all your data on all websites", they pose much less of a threat to your privacy and security while still providing the convenience of blocking annoyances.
|
||||||
|
|
||||||
## DNS Filtering
|
## DNS Filtering
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user