Malicious yet legitimate-looking Google Chrome browser extensions that steal people’s passwords and other sensitive data can still make it into the official app store, despite Google’s adoption of a standard aimed at preventing this from happening. That’s the word from researchers at the University of Wisconsin–Madison, who have created a proof-of-concept, data-stealing browser extension that successfully passed the Chrome Web Store review process despite its compliance with Manifest V3, Chrome’s latest security and privacy standard, they reported in a research paper posted online.

Source: Dark Reading: Cloud