Because it matters
Completely removing malicious extensions is an almost impossible task, so consumers should be careful when installing any kind of browser extension.
Google has removed a handful of browser extensions from its Chrome Web Store that were downloaded a total of 1.4 million times after outside cybersecurity researchers found that the extensions were secretly tracking their users’ online activities.
In a blog post published this week, McAfee researchers singled out five extensions that allow users to do things like watch shows on Netflix together, track deals on retail websites and take screenshots of websites. The problem was that, in addition to doing what they promised, the extensions tracked their users’ browser activity.
“Users of the extensions are unaware of this feature and the privacy risk of every website they visit being sent to the servers of the extension creators,” the researchers wrote in their blog post.
According to McAfee, every website a user visited was sent to the extension’s creator so that code could be inserted into the e-commerce sites the users visited, allowing the extension’s creators to receive affiliate payments for any items the user purchased.
A Google spokesperson confirmed Wednesday that all five extensions flagged in the McAfee report have been removed from the Chrome extension store.
Extensions are add-ons that consumers can download and use to modify browsers such as Chrome, Safari, and Firefox. Pieces of software can do things like block ads, integrate with password managers, and find coupons as you add items to your shopping cart. An extension allows users to change their mouse from an arrow to something more fun, like a sword or a slice of pizza.
Like the apps available for smartphones, there are over 100,000 extensions available for Chrome alone, along with more for other browsers. While Google and other providers say they screen all extensions available in their stores, inevitably some malicious extensions manage to sneak in.
Earlier this year, McAfee researchers identified several Chrome extensions for Netflix parties that redirected users to phishing sites and stole users’ personal information, although they appear to have been installed only 100,000 times.
While an extension that’s popular enough to have been downloaded hundreds of thousands of times may appear legitimate, McAfee researchers said their research shows that’s not always the case. They said consumers should be careful when it comes to extensions and look closely at what kinds of data an extension is asking to access before installing it.
Specifically, they said consumers should take extra steps to make sure an extension is authentic if it asks for permission to run on every website it mentions, as the recently identified malicious extensions did.
title: “Mcafee Researchers Have Identified Malicious Chrome Extensions Klmat” ShowToc: true date: “2022-12-08” author: “Caroline Garett”
Because it matters
Completely removing malicious extensions is an almost impossible task, so consumers should be careful when installing any kind of browser extension.
Google has removed a handful of browser extensions from its Chrome Web Store that were downloaded a total of 1.4 million times after outside cybersecurity researchers found that the extensions were secretly tracking their users’ online activities.
In a blog post published this week, McAfee researchers singled out five extensions that allow users to do things like watch shows on Netflix together, track deals on retail websites and take screenshots of websites. The problem was that, in addition to doing what they promised, the extensions tracked their users’ browser activity.
“Users of the extensions are unaware of this feature and the privacy risk of every website they visit being sent to the servers of the extension creators,” the researchers wrote in their blog post.
According to McAfee, every website a user visited was sent to the extension’s creator so that code could be inserted into the e-commerce sites the users visited, allowing the extension’s creators to receive affiliate payments for any items the user purchased.
A Google spokesperson confirmed Wednesday that all five extensions flagged in the McAfee report have been removed from the Chrome extension store.
Extensions are add-ons that consumers can download and use to modify browsers such as Chrome, Safari, and Firefox. Pieces of software can do things like block ads, integrate with password managers, and find coupons as you add items to your shopping cart. An extension allows users to change their mouse from an arrow to something more fun, like a sword or a slice of pizza.
Like the apps available for smartphones, there are over 100,000 extensions available for Chrome alone, along with more for other browsers. While Google and other providers say they screen all extensions available in their stores, inevitably some malicious extensions manage to sneak in.
Earlier this year, McAfee researchers identified several Chrome extensions for Netflix parties that redirected users to phishing sites and stole users’ personal information, although they appear to have been installed only 100,000 times.
While an extension that’s popular enough to have been downloaded hundreds of thousands of times may appear legitimate, McAfee researchers said their research shows that’s not always the case. They said consumers should be careful when it comes to extensions and look closely at what kinds of data an extension is asking to access before installing it.
Specifically, they said consumers should take extra steps to make sure an extension is authentic if it asks for permission to run on every website it mentions, as the recently identified malicious extensions did.
title: “Mcafee Researchers Have Identified Malicious Chrome Extensions Klmat” ShowToc: true date: “2022-11-07” author: “Reuben Gardner”
Because it matters
Completely removing malicious extensions is an almost impossible task, so consumers should be careful when installing any kind of browser extension.
Google has removed a handful of browser extensions from its Chrome Web Store that were downloaded a total of 1.4 million times after outside cybersecurity researchers found that the extensions were secretly tracking their users’ online activities.
In a blog post published this week, McAfee researchers singled out five extensions that allow users to do things like watch shows on Netflix together, track deals on retail websites and take screenshots of websites. The problem was that, in addition to doing what they promised, the extensions tracked their users’ browser activity.
“Users of the extensions are unaware of this feature and the privacy risk of every website they visit being sent to the servers of the extension creators,” the researchers wrote in their blog post.
According to McAfee, every website a user visited was sent to the extension’s creator so that code could be inserted into the e-commerce sites the users visited, allowing the extension’s creators to receive affiliate payments for any items the user purchased.
A Google spokesperson confirmed Wednesday that all five extensions flagged in the McAfee report have been removed from the Chrome extension store.
Extensions are add-ons that consumers can download and use to modify browsers such as Chrome, Safari, and Firefox. Pieces of software can do things like block ads, integrate with password managers, and find coupons as you add items to your shopping cart. An extension allows users to change their mouse from an arrow to something more fun, like a sword or a slice of pizza.
Like the apps available for smartphones, there are over 100,000 extensions available for Chrome alone, along with more for other browsers. While Google and other providers say they screen all extensions available in their stores, inevitably some malicious extensions manage to sneak in.
Earlier this year, McAfee researchers identified several Chrome extensions for Netflix parties that redirected users to phishing sites and stole users’ personal information, although they appear to have been installed only 100,000 times.
While an extension that’s popular enough to have been downloaded hundreds of thousands of times may appear legitimate, McAfee researchers said their research shows that’s not always the case. They said consumers should be careful when it comes to extensions and look closely at what kinds of data an extension is asking to access before installing it.
Specifically, they said consumers should take extra steps to make sure an extension is authentic if it asks for permission to run on every website it mentions, as the recently identified malicious extensions did.
title: “Mcafee Researchers Have Identified Malicious Chrome Extensions Klmat” ShowToc: true date: “2022-11-16” author: “Mona Long”
Because it matters
Completely removing malicious extensions is an almost impossible task, so consumers should be careful when installing any kind of browser extension.
Google has removed a handful of browser extensions from its Chrome Web Store that were downloaded a total of 1.4 million times after outside cybersecurity researchers found that the extensions were secretly tracking their users’ online activities.
In a blog post published this week, McAfee researchers singled out five extensions that allow users to do things like watch shows on Netflix together, track deals on retail websites and take screenshots of websites. The problem was that, in addition to doing what they promised, the extensions tracked their users’ browser activity.
“Users of the extensions are unaware of this feature and the privacy risk of every website they visit being sent to the servers of the extension creators,” the researchers wrote in their blog post.
According to McAfee, every website a user visited was sent to the extension’s creator so that code could be inserted into the e-commerce sites the users visited, allowing the extension’s creators to receive affiliate payments for any items the user purchased.
A Google spokesperson confirmed Wednesday that all five extensions flagged in the McAfee report have been removed from the Chrome extension store.
Extensions are add-ons that consumers can download and use to modify browsers such as Chrome, Safari, and Firefox. Pieces of software can do things like block ads, integrate with password managers, and find coupons as you add items to your shopping cart. An extension allows users to change their mouse from an arrow to something more fun, like a sword or a slice of pizza.
Like the apps available for smartphones, there are over 100,000 extensions available for Chrome alone, along with more for other browsers. While Google and other providers say they screen all extensions available in their stores, inevitably some malicious extensions manage to sneak in.
Earlier this year, McAfee researchers identified several Chrome extensions for Netflix parties that redirected users to phishing sites and stole users’ personal information, although they appear to have been installed only 100,000 times.
While an extension that’s popular enough to have been downloaded hundreds of thousands of times may appear legitimate, McAfee researchers said their research shows that’s not always the case. They said consumers should be careful when it comes to extensions and look closely at what kinds of data an extension is asking to access before installing it.
Specifically, they said consumers should take extra steps to make sure an extension is authentic if it asks for permission to run on every website it mentions, as the recently identified malicious extensions did.
