In wise words from Google: If an attacker successfully injects any code, the game is over. XSS is too limited, and is very well protected. Chrome extensions are too closed. Luckily for me, we live in an era where people install npm packages like someone who takes a candy. So, NPM was going to be my distribution method. I would need to devise a useful package for the border that people would install without thinking: my Trojan horse.

See original (not translated) news ➥

 

See translated news ➥