Two years ago, we released CRXcavator (pronounced crux-cavator), a free tool that examines the security hygiene and risks of Chrome extensions, looking at criteria such as permissions and security policy, and empowers users to make informed decisions about the extensions they use. Originally released as a Duo Labs project, CRXcavator is now provided by the same team within Cisco Secure. Over the last two years, CRXcavator has helped make the browser ecosystem safer and more transparent by providing developers, users, and organizations with consistent and consumable information regarding potential extension security risks. Security teams at organizations such as Lyft and Datadog have adopted the tool as part of their security strategies; researchers have used CRXcavator to help Google uncover and take down hundreds of malicious extensions; and hundreds of thousands of security conscious users have utilized the tool to in their personal and professional lives to improve their security posture.
After democratizing extension security for Chrome, we are thrilled to announce a major update to CRXcavator that adds support for Mozilla Firefox and the beta version of Microsoft Edge Add-ons site. This addition greatly expands the scope and accessibility of the tool and more thoroughly secures users. CRXcavator will now continuously scan the Firefox add-on and Edge extension store as it does for Chrome, generating and updating CRXcavator reports for all extensions, as well as scanning for newly-added ones as they become available. This enables the tool to provide up-to-date security assessments with an potential risk score, a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Cisco Secure Democratizes Extension Security for Firefox and Edge