Malicious extension on the Chrome web store

Discussion in 'other security issues & news' started by Hungry Man, Nov 13, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://codeonfire.cthru.biz/?p=96

    Google has since removed the extension.

    I seriously doubt this is the worst we'll see in terms of a malicious extension.
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    the extension is still on Chrome store.

    i just been there.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If it's back the line has likely been removed.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    To be honest i had that extension but a few months/weeks (Don't really remember) i switched version of Chromium and it disappeared and never bothered to get it back :eek:
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    From what I can see it is still in the Chrome Store. 491,260 users have downloaded this extension.

    Google should really vet these extensions properly. One or two have disappeared of late, I often wonder why. What happened to Ultimate Flag for instance?

    I don't use Chrome (or its extensions) much these days. I don't feel like I'm missing anything.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, this extension was spying on users; it was removed from Google Chrome Web Store. The problematic code was removed; it was reintroduced in Google Chrome Web Store.

    Does this process, somehow, give you any confidence?

    There is no trust in such developer. Why would Google reintroduce it back? Any extensions from this developer should be banned for ever.

    Not only that, Google should analyze the code of all extensions, before introducing them in Google Chrome Web Store. :thumbd:

    I honestly hope that more situations like this one happen and get reported all over the Internet. Maybe this bad publicity will force Google to act different.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I agree m00n.
     
  8. andryou

    andryou Registered Member

    Joined:
    Nov 15, 2011
    Posts:
    21
    I totally agree. As a Chrome extension author/developer (and knowing how the Web Store works), I know how easy it is for someone to slip in malicious code into his/her extension (there's no code-checking/verification process; it's just "upload and go").

    For this reason, I avoid installing Chrome extensions other than what I deem to be necessary (which are mainly ad-removing/privacy enhancing).
     
  9. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
Loading...
Thread Status:
Not open for further replies.