2
Google Chrome has cleaned up its Chrome Store by removing extensions deemed dangerous. They tracked user browsing and collected their data.
Google is removing five dangerous extensions from its Chrome Store. © Getty Images
On Wednesday August 31, 2022, Google removed half a dozen extensions from its Chrome Store. These offered various services, but had one thing in common: once installed on the device, a code developed by the creator(s) made it possible to steal data. These tools have been downloaded by approximately 1.4 million people, certainly as many victims.
The extensions thus sent the name of each site visited to the developer, along with a unique identifier and the country, city and postal code of the device. Then at each e-commerce site visited, a JavaScript code was launched in the background, modifying the cookies of the said site so that the creators of the extension received an affiliate payment for each item purchased. It was McAfee who discovered the pot of roses and published a blog post on August 29th.
The five harmful extensions removed by Chrome. © McAfee
Clever crooks all the same, since some extensions were programmed to wait 15 days before setting up the script and thus remain as discreet as possible. These extensions haven’t been available on the Chrome Store since Wednesday, August 31, but that doesn’t mean they’ve been removed from all devices, or that they’ve been disabled by their creators.
The extensions identified as dangerous by McAfee are: Netflix Party, Netflix Party 2, FlipShope-Price Tracking Extension, Full Page Screenshot Capture-Screenshotting and AutoBuy Flash Sales. The first two alone have more than a million users.