Google Chrome Extensions With 32 Million Downloads Found to be Stealing User Data

[LoadsaMoney]

Google Chrome extensions with 32 million collective downloads have found to be part of a spyware effort that has been stealing user data. Google was notified last month by researches about the malicious nature of these 70 extensions, after which it took them down from the Chrome Web Store.

The extensions disguised themselves as file convertors and some, ironically, alerted users for malicious websites. In reality, the extensions were stealing browsing history and user data. With 32 million downloads in total for these 70 extensions, it highlights important issues for Google that need to be resolved in order to protect user privacy and security when downloading extensions for Chrome.

https://wccftech.com/google-chrome-...ion-downloads-found-to-be-stealing-user-data/

 

[jpaul]

what are/were the extensions then ?
the links track through to a company taking names to get a copy of their 'report'

 

[james.miller]

There's a TSV you can download, no details required. I've pulled the list of extension names from the report:

browse-safer
browsing-protector
browsing-safety-checker
bytefence-secure-browsing
convertwordtopdf
doctopdf
easyconvert
easyconvertdefault-search
gofiletopdf
mydocstopdf
pdf2doc
pdf-ninja-converter
pdf-opener
quicklogin
quickmail
search-by-convertfilenow
search-by-convertpdfpro
search-manager
secured-search-extension
secure-web-searching
securify-for-chrome
thedocpdfconverter
theeasywaypro
thesecuredweb-protected-b
ttab
viewpdf

 

[opethdisciple]

Browser addons will be dropped sooner or later as they are just another attack vector.

 

[jpaul]

There's a TSV you can download, no details required. I've pulled the list of extension names from the report:

thanks for extracting those - can't see any I use, & don't have any converters installed.

now looking through file, many/most of the extensions seem to have wording

- The extension requires this permission in order to allow payment for distribution affiliates and show a better user experience.

don't think I've ever encountered an extension with such wording, if, indeed, the user has to then perform an explicit action, that would be a red flag.

 

[wesley]

i never keen on installing any extensions for that reason. only extension i have is ublock orgin.

 

[jpaul]

Two I installed the other week , in addition to(& despite) ublock O, to replace, an ineffective, clearurl

courtesy of https://www.reddit.com/r/firefox/comments/f8wjra/clearurls_and_skip_redirect_extensionsare_both/
massively sped up chrome browsing;
ublock O, alone, will either block the redirect site, or track you.

Neat URL
5.0.0
Skip Redirect
2.2.3

 

[jpaul]

I'd like a solution for identifying web-sites that cause excess cpu use, neither chrome nor firefox can really help nail sites burning watts, if, you have multiple tabs open.
- should be a green certification for web-sites

just discovered the chrome browser task manager to identify the web sites, and extensions that are burning the cpu. (why did no one tell me)

Proactive image loading - I assume that is what it is - on sites like https://eu.patagonia.com/gb/en/shop/mens-pants

consumes one of the cpu's , my non-active tabs are unloaded after 60s, but, does anyone have a better medicine. ?

I quite like the patagonia brand , but it is not an eco website

 

[arknor]

just discovered the chrome browser task manager to identify the web sites, and extensions that are burning the cpu. (why did no one tell me)

Proactive image loading - I assume that is what it is - on sites like https://eu.patagonia.com/gb/en/shop/mens-pants

consumes one of the cpu's , my non-active tabs are unloaded after 60s, but, does anyone have a better medicine. ?

I quite like the patagonia brand , but it is not an eco website

some websites use a crazy amount of resources up

like right now I'm listening to a video on youtube and browsing ocuk and firefox is using 500mb, yet there are single websites I can visit and I'll be using 1-2gb of ram like what the hell are they doing in the background and how much data are they letting how many companies harvest. I'm not talking dodgy websites either but ones most people should have heard of

theres whole video games you could run that use less ram.... okay not modern ones but you don't have to go back that far.
heck windows 10 only really needs like 3.5gb so why do some websites use a gb of ram...

 

[Deleted member 77746]

oooof bye bye extensions! What's worse is chrome extensions work in Microsoft Edge Chromium so a big oof about to happen.

 

[OZONE]

I prefer Firefox myself, and it is more privacy centric