He has stated on his website,Detectify Labsthat he exploited a vulnerability in HTTPS Everywhere.
After some hours of analysis I managed to disable it by just viewing a HTML page.
In fact, this didnt only work on the HTTPS Everywhere extension, but all Chrome extensions I tested!
This build contains a number of bug fixes and security updates, a partial list of which is availablehere.
However, older versions of Chrome may still be vulnerable to this exploit.
source: www.techworm.net
