Chrome Extension Risks and You

Explore the often overlooked security risks associated with Chrome extensions in this 21-minute conference talk from BSidesSF 2020. Gain insights from Chris Barcellos and Abhi Kafle as they delve into examples of risky and malicious extensions, including popular ones. Learn how Lyft strategically reduced risk at scale and discover valuable lessons for implementing effective security measures. Cover topics such as the Chrome Web Store, privacy policies, automated review processes, and user experience approaches to enhance your understanding of extension-related vulnerabilities and mitigation strategies.

Introduction
The problem
Popular risky extensions
Malicious extensions
Chrome Web Store
Other Extensions
Privacy Policy
The Plan
The Workflow
Automated Review Process
User Experience
Approaches
Summary