Chrome extensions with 1.4M installs covertly track visits and inject code - Ars Technica

2 years ago 67

EXTENSIONS BOOTED —

If you've installed immoderate of these extensions, manually region them stat.

- Aug 31, 2022 6:59 p.m. UTC

Chrome extensions with 1.4M installs covertly way   visits and inject code

Google has removed browser extensions with much than 1.4 cardinal downloads from the Chrome Web Store aft third-party researchers reported they were surreptitiously tracking users’ browsing past and inserting tracking codification into circumstantial ecommerce sites they visited.

The 5 extensions flagged by McAfee purport to connection assorted services, including the quality to watercourse Netflix videos to groups of people, instrumentality screenshots, and automatically find and use coupon codes. Behind the scenes, institution researchers said, the extensions kept a moving database of each tract a idiosyncratic visited and took further actions erstwhile users landed connected circumstantial sites.

The extensions sent the sanction of each tract visited to the developer-designated tract d.langhort.com, on with a unsocial identifier and the country, city, and zip codification of the visiting device. If the tract visited matched a database of ecommerce sites, the developer domain instructed the extensions to insert JavaScript into the visited page. The codification modified the cookies for the tract truthful that the hold authors person affiliate outgo for immoderate items purchased.

To assistance support the enactment covert, immoderate of the extensions were programmed to hold 15 days aft installation earlier opening the information postulation and codification injection. The extensions McAfee identified are:

Name Extension ID Users
Netflix Party mmnbenehknklpbendgmgngeaignppnbe 800,000

Netflix Party 2

flijfnhifgdcbhglkneplegafminjnhn 300,000

FlipShope – Price Tracker Extension

adikhbfjdbjkhelbdnffogkobkekkkej 80,000

Full Page Screenshot Capture – Screenshotting

pojgkmkfincpdkdgjepkmdekcahmckjp 200,000
AutoBuy Flash Sales gbnahglfafmhaehbdmjedfhdmimjcbed 20,000

As of Wednesday, each 5 extensions person been removed from the Chrome Web Store, a Google spokesperson said. Removing the extensions from its servers isn’t the aforesaid arsenic uninstalling the extensions from the 1.4 cardinal infected devices. People who person installed the extensions should manually inspect their browsers and guarantee they nary longer run.

Read Entire Article