Slow Fog Cosine: Users need to pay attention to the permission requests of browser extensions and must have isolated thinking

Manwu Yuxian posted on the X platform: An extension can do harm, such as stealing cookies from target pages, privacy in localStorage (such as account permission information, private key information), DOM tampering, request hijacking, clipboard content acquisition and so on. This can be done by configuring related permissions in manifest.json. If users don't pay attention to the permission requests of extensions, it could cause trouble. But if an extension wants to directly mess with other extensions like well-known wallet extensions, that's not easy... because they are sandboxed... For example, it's unlikely to directly steal private key/mnemonic phrase-related information stored in a wallet extension. If you're worried about the permission risk of an extension, judging this risk is actually quite easy - after installing the extension you can choose not to use it first; check out its ID; search for its local path on your computer; find the manifest.json file under its root directory and throw the file content directly at AI for a permission risk interpretation. If you have isolation thinking in mind then consider enabling Chrome Profile separately for unfamiliar extensions - at least their potential harm would be controllable and most extensions don't need to be always enabled.