I told you yesterday of the new app from Yahoo! for iOS, and browser extension for Firefox, Chrome, and Safari, called Axis. Well apparently Yahoo! leaked some critical info about the browser extension that makes it vulnerable.
Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.
Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook’s tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.
NIce going Yahoo!