I reported this one and others weeks ago because of remote code execution ability, using the "Report this add-on for abuse" button. The extensions are still there. https://twitter.com/kingslyj/status/1165536089517330432 …pic.twitter.com/y4iiXj8P1F
U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
In the same vein, there is a *2-year old* Chromium issue about extensions being able to execute remote code without asking for 'unsafe-eval' -- still nothing has been done about this. Google's own Project Zero adhere to 90-day disclosure deadline: https://en.wikipedia.org/wiki/Project_Zero#Bug_finding_and_reporting …
Some extensions from the DataSpii saga -- https://dataspii.com/ -- have been using this "feature" -- so, safe to assume unethical developers already know about this. Not that it matters anyway since Chrome Store has no policy against usage of "script-src 'unsafe-eval'".
On *ethical* grounds, AdBlocker Ultimate should not be a recommended extension, it's essentially someone parasitizing the work of others. How is rewarding this unethical behavior going to be a positive for users in the big picture?https://twitter.com/Pythux/status/1157756696678281217 …
Meanwhile, you are going to be told that the blocking ability of the webRequest API -- *key* to create competent blockers -- is the issue and must be removed.https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security …
The major issue is the lack of good policies/enforcement in extension stores, and unethical behavior should not be rewarded. Fix this before trying to make the APIs are the issue.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.