Slow Mist Cosine: Attention should be paid to the permission application of browser extensions, while also having isolation thinking

SlowMist Cosine has posted on X platform to remind the community of browser extension security issues. He stated that an extension should be malicious, such as stealing cookies from the target page, privacy information in local storage (such as account permission information and private key information), DOM tampering, request hijacking, clipboard content retrieval, etc. You can configure the relevant permissions in manifestion.json. If users do not pay attention to the permission application for extensions, it will be troublesome, but if an extension wants to do something bad and wants to directly engage in other extensions, such as well-known wallet extensions, it is still not easy... because the sandbox is isolated... for example, it is unlikely to directly steal the private key/mnemonic information stored in the wallet extension. If you are concerned about the permission risk of a certain extension, it is actually easy to determine this risk. After installing the extension, you can choose not to use it first. Look at the extension ID, search for the local path of the computer, find the manifestion.json file in the root directory of the extension, and directly throw the file content to AI for permission risk interpretation. If you have a mindset of isolation, you can consider enabling Chrome Profile separately for unfamiliar extensions, at least to control their wrongdoing, and the vast majority of extensions do not need to be constantly enabled.