notlmn / copy-as-markdown

🖱 Browser extension to copy hyperlinks, images, and selected text as Markdown with GFM support
MIT License

Chrome extension version 24.6.30 requesting permission to "Read and change all your data on all websites" #49

Open ezzatron opened 3 months ago

ezzatron commented 3 months ago
[Image: Screenshot 2024-07-02 at 17 21 16]

Seems like a mistake?

tonytamps commented 3 months ago

I'm extremely suspicious about this new permission. I can't see how the recent changes have caused the request for the new permission and it gives me concern that the extension source does not represent the distributed extension.

This is probably just a mistake, and notlmn does a good job of being transparent regarding deployments, but until this is explained I have uninstalled it. The supply chain could be compromised.

notlmn commented 3 months ago

Distribution happens once every week; the source might be different from when the release happened if you are looking at the main branch of the repo. If you look at the commits for the tag 24.6.24, you'll see what the mistake was.

I have been trying to push for a newer release, as Firefox releases are almost instant, but Chrome releases need manual review from the CWS side, which is why the releases are still off between these two platforms.

It is fair to suspect and be vigilant of the botched releases until then; you don't have to take my word for it. Meanwhile, anyone can download the published extension manually and inspect the code to confirm that there's nothing malicious in there.

Please wait until 24.7.1 (still under review) is released onto the Chrome Webstore; that should not have this problem.

notlmn commented 3 months ago

For anyone following, the fix was already sent out in #47, but it is waiting for the CWS release.

tonytamps commented 3 months ago

Thanks for the pointer to check out that tag. That makes sense 🙇 Much appreciated.
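
Added example, not part of the thread and not the extension's own code: one way to do the manual inspection suggested above is to compare the `manifest.json` of two unpacked releases and list the all-hosts match patterns that make Chrome show "Read and change all your data on all websites". The two manifests, the function names and the pattern list are assumptions constructed for illustration; they are not the published copy-as-markdown manifests.

```javascript
// Match patterns Chrome reports as "Read and change all your data on all websites".
// Assumption: covers the common all-hosts patterns; not an exhaustive list.
const ALL_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// MV2 mixes host patterns into "permissions"; tell them apart from API names.
function looksLikeMatchPattern(p) {
  return p === "<all_urls>" || /^(\*|https?|file|ftp|wss?):\/\//.test(p);
}

// Every install-time host grant in a manifest (MV2 or MV3), with where it came from.
function hostGrants(manifest) {
  const grants = [];
  const add = (source, patterns) => {
    for (const pattern of patterns || []) grants.push({ source, pattern });
  };
  add("host_permissions", manifest.host_permissions);
  add("permissions", (manifest.permissions || []).filter(looksLikeMatchPattern));
  (manifest.content_scripts || []).forEach((cs, i) =>
    add(`content_scripts[${i}].matches`, cs.matches));
  return grants;
}

function broadGrants(manifest) {
  return hostGrants(manifest).filter((g) => ALL_HOSTS.has(g.pattern));
}

// Report all-hosts grants present in the newer release but not in the older one.
function compareReleases(olderManifest, newerManifest) {
  const key = (g) => `${g.source}|${g.pattern}`;
  const before = new Set(broadGrants(olderManifest).map(key));
  const added = broadGrants(newerManifest).filter((g) => !before.has(key(g)));
  return { warningIsNew: before.size === 0 && added.length > 0, added };
}

// Constructed sample manifests (in practice: JSON.parse of each release's manifest.json).
const olderManifest = {
  manifest_version: 3, name: "sample", version: "1.0.0",
  permissions: ["activeTab", "contextMenus", "clipboardWrite"],
};
const newerManifest = {
  ...olderManifest, version: "1.0.1",
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

console.log(JSON.stringify(compareReleases(olderManifest, newerManifest), null, 2));
```

An empty `added` list for the release under review means none of these patterns was introduced since the older version.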