SlowMist's Cosine: Users need to pay attention to the permission requests of browser extensions and maintain an isolation mindset
ChainCatcher message, SlowMist's Yu Xian posted on platform X stating: "An extension can be malicious, such as stealing cookies from the target page, privacy in localStorage (like account permission information, private key information), DOM tampering, request hijacking, clipboard content retrieval, etc. Relevant permission configurations can be made in manifest.json. If users are not careful about the permissions requested by the extension, it can be troublesome. However, for an extension to be malicious and directly target other extensions, such as well-known wallet extensions, it is still not easy... because of sandbox isolation... For example, it is unlikely to directly steal private key/mnemonic-related information stored in the wallet extension. If you are concerned about the permission risks of a certain extension, it is actually easy to assess this risk. After installing the extension, you can choose not to use it first, check the extension ID, search for the local path on your computer, and find the manifest.json file in the root directory of the extension. You can then directly throw the file content to AI for permission risk interpretation. If you have an isolation mindset, you might consider enabling a separate Chrome Profile for unfamiliar extensions, at least making malicious actions controllable; most extensions do not need to be enabled all the time."
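
The manifest.json review described in the post can also be done with a short local script. The following is an added example, not code from the post or from SlowMist: the permission-to-capability mapping, the severity labels and the sample manifest are constructed for illustration, and the permission names are standard Chrome extension permissions.

```python
import json
import sys

# Permission -> capability named in the post (the mapping is this example's assumption)
RISKY = {
    "cookies": "read cookies for permitted sites",
    "clipboardRead": "read clipboard content",
    "webRequest": "observe network requests",
    "webRequestBlocking": "intercept and modify requests (Manifest V2)",
    "declarativeNetRequest": "block or redirect requests by rule",
    "scripting": "inject scripts into pages (DOM and localStorage access)",
    "debugger": "attach the DevTools protocol to tabs",
}
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(manifest):
    """Return sorted (severity, finding) tuples for one parsed manifest.json."""
    def strings(*keys):
        # Some manifests carry non-string entries; only string entries are checked.
        return [v for k in keys for v in manifest.get(k, []) if isinstance(v, str)]

    perms = strings("permissions", "optional_permissions")
    hosts = strings("host_permissions", "optional_host_permissions")
    # Manifest V2 mixes host match patterns into "permissions".
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]
    broad_hosts = sorted(set(hosts) & BROAD)
    findings = set()
    for p in perms:
        if p in RISKY:
            # A risky API combined with access to every site is rated higher.
            findings.add(("high" if broad_hosts else "medium", f"{p}: {RISKY[p]}"))
    if broad_hosts:
        findings.add(("high", "host access to all sites: " + ", ".join(broad_hosts)))
    for cs in manifest.get("content_scripts", []):
        hit = sorted(set(cs.get("matches", [])) & BROAD)
        if hit:
            findings.add(("high", "content script runs on every page: " + ", ".join(hit)))
    return sorted(findings)


# Constructed sample manifest, not taken from any real extension.
SAMPLE = json.loads("""{"manifest_version": 3, "name": "Constructed Sample",
  "permissions": ["cookies", "storage", "clipboardRead"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]}""")

if __name__ == "__main__":
    # Optional argument: path to the manifest.json in the extension's root directory.
    data = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE
    for severity, finding in assess_manifest(data):
        print(f"[{severity}] {finding}")
```

An empty result only means none of the listed permissions or broad match patterns were requested; it does not cover what the extension's own scripts do with the access they have.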