#chromeextensions

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦<p>🚨 Over 90 Chrome extensions—including big names like Avast, Trust Wallet &amp; Browsec VPN—were found leaking sensitive data &amp; credentials! 🕵️‍♂️🔑 Millions at risk from hardcoded secrets &amp; unencrypted traffic. Stay safe &amp; review your extensions!<br>Read more 👉 <a href="https://cyberinsider.com/over-90-chrome-extensions-found-exposing-sensitive-data-and-credentials/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberinsider.com/over-90-chrom</span><span class="invisible">e-extensions-found-exposing-sensitive-data-and-credentials/</span></a><br><a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a> <a href="https://mas.to/tags/DataLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataLeak</span></a> <a href="https://mas.to/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mas.to/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Yellow Flag<p>I meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: <a href="https://palant.info/2025/01/13/chrome-web-store-is-a-mess/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">palant.info/2025/01/13/chrome-</span><span class="invisible">web-store-is-a-mess/</span></a></p><p>This details many of Google’s shortcomings at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”</p><p>I am explaining how Google handled (or rather didn’t handle for the most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.</p><p>There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.</p><p>I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: <a href="https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">palant.info/2025/01/13/biscien</span><span class="invisible">ce-collecting-browsing-history-under-false-pretenses/</span></a></p><p>This post provides more details on BIScience Ltd., another company selling browsing data of extension users. 
<span class="h-card" translate="no"><a href="https://infosec.exchange/@tuckner" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tuckner</span></a></span> and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.</p><p><a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cws</span></a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeWebStore</span></a></p>
Yellow Flag<p>My research on how Chrome extensions spam Chrome Web Store search with irrelevant keywords has been picked up by <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span>: <a href="https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/</span></a></p><p>The article quotes me towards the end, something that is worth repeating:</p><blockquote><p>“It wasn’t <em>that</em> hard to notice, and they have better access to the data than me. So either Google isn’t looking or they don’t care.”</p></blockquote><p><a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cws</span></a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeWebStore</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a></p>
Yellow Flag<p>Back in October I asked here why searching for “Norton Password Manager” on Chrome Web Store brings up five completely unrelated extensions which all show up before the actual Norton Password Manager. Now I know the answer: some extension authors figured out how to use translations in order to mess with the search results. <a href="https://palant.info/2025/01/08/how-extensions-trick-cws-search/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">palant.info/2025/01/08/how-ext</span><span class="invisible">ensions-trick-cws-search/</span></a></p><p>I found 920 extensions using this approach. Most of them fall into a few large extension clusters that are spamming Chrome Web Store. For example, I could attribute 122 extensions to the Kodice / Karbon Project / BroCode cluster that I covered in June 2023 originally. Another 100 extensions belong to the PDF Toolbox cluster that originally appeared on my blog in May 2023. The ZingFront / ZingDeck / BigMData cluster is one I also researched back in 2023 but didn’t publish – 223 extensions.</p><p>There is also a cluster that was new to me and which I couldn’t really tie to a company name (apart from finding two red herrings). There seems to be a Ukrainian/Russian language part and a Farsi (?) 
language part here, and it’s hundreds of extensions despite only 55 of them qualifying for the list in this article.</p><p>Now that this is out, are you as excited as me to see what Google will do about this?</p><p><a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cws</span></a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a> <a href="https://infosec.exchange/tags/chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chrome</span></a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeWebStore</span></a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a></p>
PrivacyDigest<p>Time to check if you ran any of these 33 malicious <a href="https://mas.to/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a> extensions</p><p> At least 33 <a href="https://mas.to/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browser</span></a> extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.<br><a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/chromeextensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chromeextensions</span></a></p><p><a href="https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/</span></a></p>
Tino Eberl<p>‼️ Beware of <a href="https://mastodon.online/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a>: <a href="https://mastodon.online/tags/Schadcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schadcode</span></a> (malicious code) was injected into 36 extensions, including <a href="https://mastodon.online/tags/KI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KI</span></a> (AI) tools, <a href="https://mastodon.online/tags/Passwortmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwortmanager</span></a> (password managers) and <a href="https://mastodon.online/tags/VPNs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPNs</span></a>.‼️ </p><p><a href="https://www.golem.de/news/millionen-nutzer-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">golem.de/news/millionen-nutzer</span><span class="invisible">-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html</span></a></p><p>2.6 million users are affected. The attack began with a <a href="https://mastodon.online/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> incident and targets sensitive data such as <a href="https://mastodon.online/tags/Facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Facebook</span></a> credentials. Users should check for affected <a href="https://mastodon.online/tags/Extensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Extensions</span></a> and change their <a href="https://mastodon.online/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwörter</span></a> (passwords). 
Several extensions have already been cleaned up or removed. </p><p><a href="https://mastodon.online/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersicherheit</span></a> <a href="https://mastodon.online/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenschutz</span></a> <a href="https://mastodon.online/tags/OnlineSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnlineSicherheit</span></a></p>
Hackread.com<p>🚨 Over 16 Chrome Extensions hacked including one belonging to a cybersecurity firm, impacting 600K+ users! A phishing attack on publishers led to malicious updates stealing data, cookies &amp; credentials.</p><p>Read: <a href="https://hackread.com/16-chrome-extensions-hacked-credential-theft-scheme/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/16-chrome-extensi</span><span class="invisible">ons-hacked-credential-theft-scheme/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeExtensions</span></a> <a href="https://mstdn.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://mstdn.social/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a></p>
PrivacyDigest<p><a href="https://mas.to/tags/Hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackers</span></a> <a href="https://mas.to/tags/hijack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hijack</span></a> a wide range of companies' <a href="https://mas.to/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a> <a href="https://mas.to/tags/extensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>extensions</span></a> , experts say<br><a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/chromeextensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chromeextensions</span></a></p><p><a href="https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reuters.com/technology/cyberse</span><span class="invisible">curity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/</span></a></p>