
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
agent-browser-plugin-allow-loopback
Advanced tools
agent-browser launch mutator that allows Chrome localhost handoff flows by treating loopback addresses as public for Local Network Access.
Launch mutator plugin for agent-browser that allows Chrome localhost handoff
flows by treating loopback addresses as public for Local Network Access.
The plugin appends one Chrome launch argument:
--ip-address-space-overrides=127.0.0.0/8=public,[::1]/128=public
This is useful for SSO/native app handoff flows that connect from a website to a
local helper on 127.0.0.1 or ::1. Because the plugin returns a structured
JSON array through launch.mutate, the comma in the Chrome flag is preserved.
agent-browser plugin add agent-browser-plugin-allow-loopback
Manual config:
{
"plugins": [
{
"name": "allow-loopback",
"command": "agent-browser-plugin-allow-loopback",
"capabilities": ["launch.mutate"]
}
]
}
This plugin changes Chrome's address-space classification for all loopback
targets in the launched browser process. It is process-wide, not origin-scoped.
Use LoopbackNetworkAllowedForUrls managed policy when you need a narrower
origin-scoped exception.
FAQs
agent-browser launch mutator that allows Chrome localhost handoff flows by treating loopback addresses as public for Local Network Access.
The npm package agent-browser-plugin-allow-loopback receives a total of 123 weekly downloads. As such, agent-browser-plugin-allow-loopback popularity was classified as not popular.
We found that agent-browser-plugin-allow-loopback demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.