#StackBounty: #browser-extensions Can Chrome Extensions Send Data to Remote Servers?

Bounty: 50

Suppose an extension has a scary list of permissions like that below ("Site access: On all sites"):

enter image description here

Does this also give the extension permission to send my data to the author’s servers via XHR?

I’ve read the documentation here but lack some background knowledge, so I am not sure in my interpretation:

Cross-Origin XMLHttpRequest

After reading this, it seemed like the extension isn’t allowed to send my data somewhere unless it has lines like the below in the manifest – is this correct?

"permissions": [
    "https://www.google.com/"
  ]


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.