Introduction
I’ve seen a lot of great research from truffle security and others focused on scanning public resources like github repos, docker images, and even LLM training data for exposed secrets. But I started thinking: has anyone done this for browser extensions? I chose to scan the Chrome Web Store, since chromium based browsers are the most popular.