https://answer.freetools.me/tags/%E6%95%B0%E6%8D%AE%E7%AA%83%E5%8F%96/ Recent content in 数据窃取 on Answer Hugo -- 0.152.2 zh-cn Fri, 06 Mar 2026 14:24:06 +0800 https://answer.freetools.me/%E6%B5%8F%E8%A7%88%E5%99%A8%E6%89%A9%E5%B1%95%E7%9A%84%E9%9A%90%E5%BD%A2%E6%9D%83%E5%8A%9B%E4%B8%BA%E4%BD%95%E7%AC%AC%E4%B8%89%E6%96%B9%E4%BB%A3%E7%A0%81%E8%83%BD%E8%AF%BB%E5%8F%96%E4%BD%A0%E7%9A%84%E6%AF%8F%E4%B8%80%E6%AC%A1%E7%82%B9%E5%87%BB/ Fri, 06 Mar 2026 14:24:06 +0800 https://answer.freetools.me/%E6%B5%8F%E8%A7%88%E5%99%A8%E6%89%A9%E5%B1%95%E7%9A%84%E9%9A%90%E5%BD%A2%E6%9D%83%E5%8A%9B%E4%B8%BA%E4%BD%95%E7%AC%AC%E4%B8%89%E6%96%B9%E4%BB%A3%E7%A0%81%E8%83%BD%E8%AF%BB%E5%8F%96%E4%BD%A0%E7%9A%84%E6%AF%8F%E4%B8%80%E6%AC%A1%E7%82%B9%E5%87%BB/ 从2024年Cyberhaven供应链攻击事件出发，深度剖析浏览器扩展的安全困境。文章基于USENIX Security 2025论文、NDSS学术论文、OWASP安全指南等权威信源，系统解析浏览器扩展的六大攻击向量：权限过度申请、DOM访问与密码窃取、Cookie劫持与会话盗用、扩展指纹追踪、供应链攻击、以及开发者安全意识的缺失。涵盖Manifest V3的安全改进与局限、Google和Mozilla的审查机制漏洞、以及企业级扩展治理方案。