Building Secure Systems using Programming Languages and Analysis

Chrome extension system questions

  1. “Content scripts run in the same process as their associated web pages.” What makes it difficult to run them in separate processes? Give 2 reasons.

  2. Explain how a malicious extension that has the privilege to read/write data on any origin can steal a user’s banking data even if they never visit evil.com.