The attack only required the user to be signed in to a Microsoft account, whether it is an Outlook account, a Skype ID, or any other Microsoft platform.
Thus, an adversary could easily know the user’s identity by exploiting the bug via any random website. While the extension typically supported integration with certain websites only (like Gmail), it would continue working on other websites too. In simple words, the extension would integrate the chat functionality to a website a user visits. Specifically, the Skype extension for Chrome was supposed to offer a direct means of starting Skype conversations within the browsers’ environment. Microsoft Fixed The Chrome Skype Extension Privacy FlawĮlaborating on the details via a blog post, researcher Wladimir Palant mentioned how a security flaw riddled the Skype Chrome extension.
Thankfully, Microsoft fixed the vulnerability by rolling out an overhauled extension version for the users. A serious security flaw in Microsoft’s Skype extension for Chrome browser risked users’ privacy.
0 kommentar(er)
