The possibility of running a shell command from an extension (NPAPI) has been phased out, but custom protocol handlers are still supported.
What is the practical difference if an extension can still launch any executable via the protocol handler?
Asked
Active
Viewed 286 times
1
-
1isn't it up to the OS to route requests to the assigned application? Then, however this application handles those requests is the potential security risk – Purefan Jan 13 '17 at 13:04
1 Answers
1
Onus and user experience
Extensions with NPAPI mean that the browser and it's extension ecosystem are the source of malware, and are then responsible for combating it. Did extensions using this feature even need to disclose it?
On the other hand, launching a protocol handler is a very straightforward UX... it requires a user gesture each execution unless the user explicitly chooses to permanently allow. Prompting "Open something.exe?... example.com wants to open this application" signals to the user that they're making a choice right at this very moment to allow the browser to launch a different program.
Additionally, the custom protocol handler had to be installed on the machine outside of the browser ecosystem, which means it had to gain user trust on its own accord, not thru the app store where people might be lulled into a false sense of trust (e.g. "...it's on the Chrome web store so it must be safe...").
Aaron Cicali
- 422
- 2
- 9