Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Security vulnerability in Chrome's JSONView extension?
6 points by Pyppe on Nov 10, 2016 | hide | past | favorite | 4 comments
I've used daily the JSONView Chrome extension (previously available in https://chrome.google.com/webstore/detail/jsonview/chklaanhfefbnpoihckbnefhakgolnmc?hl=en) for viewing JSON.

Just now I noticed that it has been automatically disabled from my browser. Visiting `chrome://extensions/` states "This extension contains a serious security vulnerability". And also, it's no longer available in the Chrome Web Store (see link above).

Any idea, what's the vulnerability? I tried to google, but found no info about this...



https://github.com/gildas-lormeau/JSONView-for-Chrome/pull/4... maybe it's about this XSS issue. Funny though, that the extension it's just now suddenly being pulled out.

I would've imagined this extension being used by A LOT of developers...


Yea, my guess would be that's it. Coupled with the fact it hasn't been updated in ~3 years.

I've giving this one a shot, might have too much functionality for me though...I liked how bare-bones the other one was. https://chrome.google.com/webstore/detail/json-viewer/gbmdgp...


I also like bare-bones stuff, and I am currently evaluating this https://chrome.google.com/webstore/detail/json-formatter/bcj... that is fast, easy on the eye and minimal. Haven't reviewed the code tho.


Giving that one a try too. Thanks for the link.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: