The rapid rise of artificial intelligence, and more specifically of generative AI systems such as OpenAI’s ChatGPT, has spurred both intense development and intense concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness, and that also addresses many other facets of AI risk.
Snyk provides a comprehensive approach to developer security by securing critical components of the software supply chain, application security posture management (ASPM), AI-generated code, and more. We recognize the increasing risk of exposed secrets in the cloud, so we’ve tapped Nightfall AI to provide a critical feature for developer security: advanced secrets scanning.
Snyk's security researchers have conducted research to better understand the risks of WebExtensions, both the well-known ones (e.g. XSS, code injection) and those more specific to WebExtensions themselves. From this research we identified and disclosed vulnerabilities in popular browser extensions: React Developer Tools and Vue.js devtools. In this post, we will explore the WebExtension technology and look into the vulnerabilities identified.