[CHROME] One magic flag to hardening CRX and prevent CSP abuse - {"manifest_version": 2}
Since Google Chrome 18 stable released, it's preferably to use "manifest_version": 2 in manifest.json because Content Security Policy by default is too weakly.
At least it possible to detect chrome extension by requesting crx resources via internal protocol.
That's the demo http://www.browserleaks.com/chrome it can detect that I have HTTPS Everywhere installed.
And more about CSP in point of chrome extensions found here http://code.google.com/chrome/extensions/trunk/contentSecurityPolicy.html
Trac:
Username: jaedo