Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Extension Caught Hijacking Users' Browsers (softpedia.com)

Posted by msmash on from the shady-owners,-rogue-extensions dept.

An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the user's traffic through a proxy, showing ads and collecting analytics on the user's traffic habits. This same malicious code has also been found in other Google Chrome extensions such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker. At the moment, only Better History and User-Agent Switcher have been removed from the Web Store.

9 of 77 comments (clear)

  1. Firefox by pablo_max · · Score: 5, Funny

    That is why I use firefox in combination with flash and java.
    It uses so much system resources it would be impossible for any malware to do anything.

    1. Re:Firefox by U2xhc2hkb3QgU3Vja3M · · Score: 3, Funny

      You should mine Dogecoins with your CPU while at the same time mining Bitcoins with your GPU, that's the only way to be sure.

  2. That sucks ... by gstoddart · · Score: 4, Insightful

    As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the user's traffic through a proxy, showing ads and collecting analytics on the user's traffic habits.

    That really sucks, because basically it means malicious assholes can take control of these things.

    But, I think it points to a broader problem: EULAs.

    The notion that a product can be sold, have the EULA changed giving the new company the ability to ignore any limitations they don't like, and then have it be "too bad, it's in the license".

    There need to be real privacy laws, with real penalties, and real restrictions about what you can do with it once you've collected it.

    Shit like this should be illegal. And if people won't make it illegal (because lawmakers are on the payroll of large corporations who want this), then some of the black hats should be looking to burn you to the ground for being such douchebags.

    --
    Lost at C:>. Found at C.
    1. Re:That sucks ... by Actually,+I+do+RTFA · · Score: 3, Insightful

      But, I think it points to a broader problem:

      I think the broader problem is auto-updating software.

      --
      Your ad here. Ask me how!
  3. Caught it in two weeks. by 140Mandak262Jamuna · · Score: 4, Informative
    The original developer who built up the trust, sold out on Mar 23. It took the users some time to notice it, and in two weeks the extension is off the store. And other extensions have been spotted. So in some sense, not so bad.

    On the other hand the permissions model seems to be broken. So many users give the apps all the permissions it asks for. Once a permission is granted, it is often difficult to go back and turn off permissions. I don't know how to make it easy to use and to let the user have the flexibility of control.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  4. The obvious question is... by SeaFox · · Score: 4, Funny

    Is Rightscorp the developer?

  5. Re:Firefox will be fucked by malware like this, to by amicusNYCL · · Score: 5, Informative

    Right, this has nothing to do with the security of the extension repository and everything to do with yet another example of advertisers getting their hands on something and then shitting all over it. This is what advertisers do, they suck up all of the data they can, sell it, and show ads. What's missing from this story is the naming and shaming of the advertising company in question, and a condemnation from other advertisers that their industry should not engage in this kind of shady crap. I wouldn't hold my breath for those though.

    At least the original author is doing his part after he realized what happened:

    I'm going to alert as many users as I can that it has been compromised. I still have access to the mailing list (it was not part of the sale). Will be sending them a message with details.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  6. Change app identifiers by Todd+Knarr · · Score: 5, Interesting

    Thought: app stores need to change the app's identifying number when ownership changes hands. The app store can then notify users at the next update and let them choose whether to update and switch to the new version or reject the update. That'd put an end to this mess.

  7. It's nothing new by rsilvergun · · Score: 3, Informative

    I'm a Firefox add on developer and I get offers like this all the time. Shady companies have been buying extensions and putting malware in them for ages. Firefox and Chrome both have kill switches now that let them disable the extensions outside of developer builds. It's a bit of a pain since I can't throw up a beta of my plugin on my site anymore, but there's a development channel for me to use now so it's not that big of a deal.

    If you see this happen tell Mozilla/Google. They'll check the code, see the shenanigans and kill it. The browser will then refuse to run the code. If you're the worried sort or if you have a lot of extensions then disable auto-updates and patch as needed (I generally don't bother updating my plugin unless it breaks, which it just did :) ).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/