AyKarsi
Reputation: 9685
Can a chrome extension read data from the local storage?
If a chrome-extension requests the permission "Read and modify all your data on all websites you visit", can it then read data from the local storage of one of these visited sites?
I'm asking this because I know of some websites which store authentication tokens in the local storage. If the extension can access the token, it would be frightfully easy to harvest access tokens...
Upvotes: 1
Views: 390
Answers (1)
woxxom
Reputation: 73806
The answer is Yes. Content script injected by an extension has full access to localStorage for the site.
Upvotes: 4
Related Questions
- Can I get access to localStorage of site from chrome extension?
- Access local files through Google chrome extension?
- Do Chrome extensions have access to local storage?
- Want to access local storage of Chrome extension
- Security concerns for using localStorage or chrome.storage inside Chrome Extensions
- How secure is data stored using chrome.storage.local.set
- Data storage inaccessible to Chrome extensions
- Chrome local storage and security
- How to get data from chrome extension local storage?
- Chrome extension and local storage