Support the ZSU
Youtube
Facebook
Delete immediately — 57 dangerous extensions found in Chrome
Secure Annex researcher John Tuckner has discovered 57 Chrome extensions installed by a total of six million users that secretly track browsing behaviour, access cookies, and download remote scripts. The so-called "hidden" extensions are not indexed by search engines and do not appear in the Chrome Web Store results, so they can only be installed via a direct link.
Bleeping Computer writes about it.
What are the dangers of "hidden" extensions in Google Chrome?
This is usually how internal corporate utilities or products are distributed during the testing phase, but attackers use the same scheme to promote malicious add-ons through ads or phishing sites.
The Fire Shield Extension Protection plugin was the first to come under suspicion. After analysing it, Tuckner found intricate code and API calls that transmit browsing data to the unknow.com domain. A further search at this address led the researcher to dozens of similar extensions masquerading as ad blockers or "privacy" tools.
Each of them requests excessive permissions, ranging from reading cookies and monitoring activity on websites to the ability to spoof search results and inject iframe scripts that run remotely. Although the theft of passwords or cookies has not been confirmed, the combination of features and deep code obfuscation lead experts to consider the extension a potential spyware.
Secure Annex also notes the potential of command-and-control: plugins can list the most frequently visited resources, open and close tabs, or activate real-time tracking. Some of the extensions have already been removed from the Chrome Web Store after the report, but some, such as Cuponomia — Coupon and Cashback, Browser WatchDog for Chrome, or the aforementioned Fire Shield, are still available.
Users are advised to remove suspicious add-ons immediately and change passwords to online accounts to be safe. Google confirmed that it was aware of Tuckner's research and was checking the plugins in question.
As a reminder, Google is developing the Chrome browser version for Android that supports extensions. Some enthusiasts have already installed the experimental build on their mobile devices and tested it.
We also wrote that many services and websites on the Internet collect a huge amount of information about user activity. Experts have recommended browsers that can guarantee anonymity while browsing, and the browser to avoid in this regard is Google's Chrome.
