2024-03-11 21:14:22
GitHub_M
PUBLISHED
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesnt check the sender when receiving an external message. This allows an attacker to host a website that will steal the users Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.