Self‑HTML Injection in Total WebShield (Chrome Extension v3.2)

Jul 27, 2025 · 3 min read · TL;DR: (This vulnerability was named CVE-2025-8751)Total WebShield (v3.2) fails to sanitize the category URL‑parameter in its block page, allowing an attacker to inject arbitrary HTML into the extension’s UI. This can be abused to load remote content...