Google Chrome Extension wants access to all data on your computer { 0 }
One of the latest extensions I’ve added to my web dev tools in Google Chrome is XML tree which is in the recommended extensions for web developers section of the Google Chrome extensions gallery. Today, it received an update from the author which, once updated, shows the dialogue box to the left, asking you to authorise access to “All data on your computer and the websites you visit”.
The author says this about the permission increase:
“In order to allow cross-origin XMLHttpRequests for the pulling back XML and XSL in the XML Tree Transformation page action, I had to up the permissions in the extension. Otherwise, the transformation tool would only allow HTTP URLs that originate in the same domain that the URL in the address bar is in. See http://code.google.com/chrome/extensions/xhr.html.”
This isn’t really a problem, as all you have to do it hit cancel and you’re in the clear. But after I’ve spent countless hours cleaning the shit (viruses, spyware, malware) off people’s systems that accumulates because they don’t read dialogue boxes, I can easily see how people would not even realised that they have allowed this extensions to access everything from bank account info right up to the video clip of the ex “playing” with the Bengal Tiger.
Shame on Google Chrome for allowing an extensions to do this, shame on the developer for thinking this would work, and shame on mates for showing me that damn Bengal Tiger video.
View (and download if you’re keen on sharing) the extension here:
https://chrome.google.com/extensions/detail/gbammbheopgpmaagmckhpjbfgdfkpadb
Comments are closed.