There are myriad attacks that could be executed with a spoofed extension; the most obvious of these would be to create and sign a traffic logger to capture a victim’s Web activity. The researcher also produced a proof-of-concept of a spoofing attack and written up instructions on how to remove the extension.
Yahoo has since posted a replacement Web search extension that does not include the private half of the security certificate.
What is Axis? Axis is a new search and browsing tool from Yahoo that was released on Wednesday. It is available for desktop computers, as an extension for Google Chrome, Mozilla Firefox, Internet Explorer and Safari, as well as for iOS devices, as a stand-alone app.