Something triggered in my mind today that reminded me to go take a look again at Qualys BrowserCheck. I really appreciate the idea behind it: to “perform a security analysis of your browser and its plugins to identify any security issues.”
But I sort of wonder if it’s not also teaching users to fall for malicious plugins that use social engineering tricks:
Their FAQ gives more details, but still, I hesitate to recommend this to other people because I don’t want them getting the idea that they should normally give plugins those permissions. (And no, I didn’t install it, either.) I don’t know whether Chrome and other browsers offer a better model that could allow a plugin to check those details, but for now I’ll go with the less intrusive quick scan.
