500 extensions threaten your personal data under Chrome - Geeko
Cybersecurity researcher Jamila Kaya pointed to several extensions available on Chrome after an investigation with experts from Cisco's Duo Security. Researchers say these extensions were not behaving securely, collecting personal information about users and sending it to malware-infected sites. Among the extensions accused, some have been installed several million times.
The researchers originally accused 71 extensions. Informed of the situation, Google continued the investigation, identifying 430 more extensions showing risky behavior.
Exporting user data was not an error as it was deliberately organized by the developers of the extensions. Having access to users' personal data enabled hackers to recover their browsing data during private browsing. The spoofed extensions also made it possible to bypass advertising channels to broadcast diverted flows, specify our colleagues from Generation-NT . There was also talk of redirecting users to malicious sites.
Currently, the malicious extensions identified have all been removed from the Chrome Web Store by Google and disabled on the browsers on which they were installed. The extensions had been in operation since at least January 2019. A period of time that would have allowed hackers to collect a significant amount of personal data. But researchers believe that the hackers behind the extension embezzlement campaign have been active since the early 2010s.
Sale of personal data: Avast to close its controversial subsidiary, the CEO apologizes
Personal data: Do internet users really want to better protect them?
- Personal data
- Google chrome