How secure is KeePassXC against malicious extensions? #12047
-
|
I am a new user and was setting up my program, until I decided to set up the browser extension and realized how simple it is. I set up a connection from the Chrome extension to KeePassXC with a simple unique id, everything worked fine. Would a malicious extension, if it could guess the unique id (in the case of something very simple, like just "Chrome"), have access to my database? Although I think there is some more complex mechanism that prevents malicious extensions from accessing the database, I was still worried and decided to ask. By the way, how can I delete the unique connection ID with the extension? I noticed that when disabling KeePassXC integration with the browser, the extension stops working, but the unique ID continues to exist if the integration with the browser is enabled again. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
You can see usage of the database browser settings at the end of this secrion: https://keepassxc.org/docs/KeePassXC_UserGuide#_advanced_usage. This shows how to remove a connection from the keepassxc side. You can also remove the connection from the extension side in the extension options page. A malicious extension can possibly gain access to your database if you also let it have access to your system. The bigger, and more common, threat with a malicious extension is scraping data from all the web pages you visit. |
Beta Was this translation helpful? Give feedback.
You can see usage of the database browser settings at the end of this secrion: https://keepassxc.org/docs/KeePassXC_UserGuide#_advanced_usage. This shows how to remove a connection from the keepassxc side. You can also remove the connection from the extension side in the extension options page.
A malicious extension can possibly gain access to your database if you also let it have access to your system. The bigger, and more common, threat with a malicious extension is scraping data from all the web pages you visit.