A missing and important #security feature for : add a per-subscription option for whether each subscription is allowed to use trusted filters, and make it default to unchecked for all (infosec.exchange)

submitted 8 months ago* (last edited 8 months ago) by deFractal@infosec.exchange to c/ublockorigin@lemmy.ml

0 comments fedilink hide all child comments

A missing and important #security feature for @ublockorigin: add a per-subscription option for whether each subscription is allowed to use trusted filters, and make it default to unchecked for all non-default subscriptions. As it stands malicious compromise of any filter subscription allows arbitrary code injection into any or every page, using, for example, trusted-replace-node-text on any script element. It's the same #supplyChain threat model as malicious Python/Ruby/Node/R/etc. packages or malicious VS Code or browser extensions.

#uBlockOrigin #supplyChainSecurity #supplyChainAttack

no comments (yet)

sorted by: hot top new old

there doesn't seem to be anything here

this post was submitted on 14 Sep 2025

5 points (85.7% liked)

uBlockOrigin

1361 readers

2 users here now

uBlock Origin - Free, open-source ad content blocker. Easy on CPU and memory.

Related communities: c/linux, c/opensource, c/privacy, c/firefox, c/security, c/librewolf, c/iceraven

founded 4 years ago

MODERATORS

Noahh@lemmy.ml