Chrome Extension Caught Hijacking Users' Browsers (softpedia.com)
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the user's traffic through a proxy, showing ads and collecting analytics on the user's traffic habits. This same malicious code has also been found in other Google Chrome extensions such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker. At the moment, only Better History and User-Agent Switcher have been removed from the Web Store.
People thought all these wonderful extensions were being made by people out of the goodness of their hearts?! Oh boy. Wait till you hear why Google made Chrome in the first place!
On the other hand, the permissions model seems to be broken. So many users give the apps all the permissions they ask for. Once a permission is granted, it is often difficult to go back and turn off permissions. I don't know how to make it easy to use and to let the user have the flexibility of control.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Right, this has nothing to do with the security of the extension repository and everything to do with yet another example of advertisers getting their hands on something and then shitting all over it. This is what advertisers do, they suck up all of the data they can, sell it, and show ads. What's missing from this story is the naming and shaming of the advertising company in question, and a condemnation from other advertisers that their industry should not engage in this kind of shady crap. I wouldn't hold my breath for those though.
At least the original author is doing his part after he realized what happened:
I'm going to alert as many users as I can that it has been compromised. I still have access to the mailing list (it was not part of the sale). Will be sending them a message with details.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I'm a Firefox add-on developer and I get offers like this all the time. Shady companies have been buying extensions and putting malware in them for ages. Firefox and Chrome both have kill switches now that let them disable the extensions outside of developer builds. It's a bit of a pain since I can't throw up a beta of my plugin on my site anymore, but there's a development channel for me to use now so it's not that big of a deal.
If you see this happen tell Mozilla/Google. They'll check the code, see the shenanigans and kill it. The browser will then refuse to run the code. If you're the worried sort or if you have a lot of extensions then disable auto-updates and patch as needed (I generally don't bother updating my plugin unless it breaks, which it just did :) ).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/