![]() ![]() So what should you do when all the sketchy extensions look just like the real deal? Meshkov recommended looking up the developer website for the extension you want, and they’ll have a link to the store where you can install it. In the past, these extensions have transferred hands and ended up spreading malware to users. Meshkov told me that while Google removed the extensions he flagged, the store is littered with these kinds of sketchy, copycat extensions. “For instance the extension could probably man-in-the-middle all the requests coming from your browser, but it can't, for instance, read your browser's encrypted password database, because that is not a privilege that extensions can have,” Zhu explained over Twitter direct message. She said while an extension with this kind of code couldn’t do “literally anything,” it could definitely run some malicious behavior. She told me that Chrome has a history of approving sketchy extensions to its store. I asked Yan Zhu, a software engineer who works for the privacy-conscious browser Brave,, to look at Meshkov’s findings. Meshkov said it could alter the appearance of pages, scrape information from the user, or load additional extensions that a user hasn’t installed. Though Meshkov didn’t immediately see what the extension was collecting data for, he said having this link to a remote server is dangerous because it could change your browser behavior in many ways. Screengrab of the image that was hiding malicious script in AdRemover. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |