23Kas
Security concern with hosting a chrome extension on a public server
We have chrome extension that is for internal use by our clients. It is force-installed via enterprise policy. So far, we have it published on the Chrome WebStore but we need to move off of it due to Manifest V3 restriction and host it on our own server. What would be some security concern we should be aware of and how can be guard against it? How can we prevent some type of man-in-the-middle attack where another malicious extension gets downloaded instead of ours.