Chrome extensions with 1.4M installed secretly track visits and inject code (1 Viewing)

Nov 28, 2020
Toronto, ON
Country flag
Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported that they were surreptitiously tracking users’ browsing history and entering the tracking code on the specific e-commerce sites they visited.

The five extensions Reported by McAfee It aims to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, the company’s researchers said, the extensions kept a playlist of every site a user visited and took additional actions when users reached specific sites.

The plugins send the name of each visited site to the dedicated developer site, along with a unique ID, country, city, and zip code for the visiting device. If the visited site matches a list of e-commerce sites, the developer domain directs extensions to include JavaScript on the visited page. The code modified the site’s cookies so that the extension authors receive affiliate payments for any items purchased.

To help keep activity confidential, some extensions are programmed to wait 15 days after installation before beginning to collect data and enter code. The selected extensions from McAfee are:

NounAttachment IDUsers
Netflix partymmnbenehknklpbendgmgngeaignppnbe80000
Netflix Party 2flijfnhifgdcbhglkneplegafminjnhn300,000
FlipShope – Price Tracker Extension
Full page screenshot – screenshot
Flash sales for automatic purchaseGhbna GlfafMahbid Majeed FdMjkbd20000

As of Wednesday, all five extensions have been removed from the Chrome Web Store, a Google spokesperson said. Removing extensions from their servers is different from uninstalling extensions from 1.4 million infected devices. People who have installed extensions have to manually check their browsers and make sure that they are no longer working.

Chrome extensions with 1.4M installed secretly track visits and inject code
I have used Chrome extensions in the past but those are always from trusted sources like Hubspot and Clearbit.

Members who recently read this topic: 1

Sponsors who contribute to keep free for everyone.

Sponsors who contribute to keep free.