Summary

  • Security researcher John Tuckner has discovered 35 Google Chrome extensions, collectively downloaded over 4 million times, that are in fact spying on users.
  • The extensions have managed to bypass security checks on the Chrome Web Store, with many under the guise of offering protective services such as ad blocking and privacy protection.
  • All of the extensions have obfuscated code, which makes analysis more difficult, and all link to the same domain.
  • The extensions require a host of intrusive permissions, including the ability to interact with the browser, store cookies, modify website data and structure, and trigger alerts.
  • As many as ten of the extensions have been featured on the Chrome Web Store, indicating that Google’s own vetting processes have been insufficient.
  • The extensions have now been flagged and can no longer be downloaded, but those who have already downloaded them are urged to delete them immediately.
  • This is the latest in a series of security lapses on the Chrome Web Store, and users are advised to scrutinise extensions heavily before choosing to install them.

By Yadullah Abidi
