Malicious extension on the Chrome web store

http://codeonfire.cthru.biz/?p=96

Google has since removed the extension.

I seriously doubt this is the worst we'll see in terms of a malicious extension.

 

the extension is still on Chrome store.

i just been there.

 

If it's back the line has likely been removed.

 

To be honest i had that extension but a few months/weeks (Don't really remember) i switched version of Chromium and it disappeared and never bothered to get it back

 

From what I can see it is still in the Chrome Store. 491,260 users have downloaded this extension.

Google should really vet these extensions properly. One or two have disappeared of late, I often wonder why. What happened to Ultimate Flag for instance?

I don't use Chrome (or its extensions) much these days. I don't feel like I'm missing anything.

 

So, this extension was spying on users; it was removed from Google Chrome Web Store. The problematic code was removed; it was reintroduced in Google Chrome Web Store.

Does this process, somehow, give you any confidence?

There is no trust in such developer. Why would Google reintroduce it back? Any extensions from this developer should be banned for ever.

Not only that, Google should analyze the code of all extensions, before introducing them in Google Chrome Web Store.

I honestly hope that more situations like this one happen and get reported all over the Internet. Maybe this bad publicity will force Google to act different.

 

I agree m00n.

 

I totally agree. As a Chrome extension author/developer (and knowing how the Web Store works), I know how easy it is for someone to slip in malicious code into his/her extension (there's no code-checking/verification process; it's just "upload and go").

For this reason, I avoid installing Chrome extensions other than what I deem to be necessary (which are mainly ad-removing/privacy enhancing).

 

On the Horizon:

https://www.wilderssecurity.com/showthread.php?t=312245


HKEY1952