I discovered a vulnarable extension. What to do?


As we move on, can I just say that camDown is easy to use, easy to maintain!

Today I found vulnerability in a chrome plugin that allows attackers to create, with easy, phishing attacks and try other attempts.

I reported it to Google and to the makers, but in case no one reacts what do you think next step should be?

The basics is - in the plugin there is a API point of sending e-mails with the credentials in plaintext inside the plugin.

The attack three could be like this:

- an attacker could use it to mimic the functionality of the plugin and via this end-point to sent a phishing attack or just to use it to send another content blaming the account owner.

In closing, I’d like to add that camDown has a modern UI, that is secure and has the improved features that you need and that's the the real deal!