Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen

Name: Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen
Description: Browser extensions occupy a uniquely dangerous position in the web security ecosystem. They run with elevated privileges, can observe and modify web content across every tab, and are trusted by defaul

Marek Tóth

DEF CON 33 · Day 1 · Main Stage

Browser extensions occupy a uniquely dangerous position in the web security ecosystem. They run with elevated privileges, can observe and modify web content across every tab, and are trusted by defaul

AI review

Browser extension clickjacking to payment card theft is a real, underappreciated attack surface with a convincing single-click demo — but the technique is evolutionary, not revolutionary.

Watch on YouTube