usatoday24
One day John Tuckner decided to try to be evil. He found a browser extension called “Website Blocker” that could buy for $ 50 and took it. The extension, which allows to block certain websites so that the user is not distracted with them for some time, was especially interesting because it allowed to reuse it for spam attacks. And then things happened.
Sight problem. In just a few days I had control of the extension and could do what I wanted with it. He modified the code, published the update and confirmed that the novelties had reached all users without being found. And then told what was happening: He is the founder of the cybersecurity company Secure Annex, and wanted to confirm their fears: there is great danger with extensions: anyone can buy them, modify them and reuse them for all kinds of purposes. Google reviews the modifications, but “it is not clear about what level of scrutiny,” Tuckner explained.
Another recent case. At the end of January the creator of the Browser Boost Extra Tools for Chrome extension sold this development and transferred it to its new owner. Its 30,000 users were soon exposed to the new code, which dynamically redirected websites that the new owner decided unilaterally.
I have not been. One of the extension users He warned of the problem in the github repository of the extension and analyzed the code notifying the danger of malware that could reach due to the new owner. The creator, n0m1111, explained who had sold the extension months ago and was no longer responsible for the code.
Playing with permits. These extensions often allow permits of all types of browser parameters. Tuckner explained how in the extension he bought a permit called “declarativemetretreQuest” was used that was very wide and allowed to redirect users to false authentication sites to steal their passwords. Other permits would allow the owner of an extension to take screenshots with sensitive information or access the cookies that the browser keeps to steal data from the browser sessions. The possibilities are multiple and in Xataka we already talked a few months ago about how extensions They are becoming a silent method to infect users.
A recent attack. In February, the Gitlab Threat Intelligence expert team They discovered A group of 16 Chrome extensions “used to inject code into browse to facilitate advertising and SEO fraud.” Among them they added 3.2 million users, and in Gitlab confirmed that the extensions had been bought and then modified, which allowed to avoid suspicions by users and the industry itself. These experts notified Google of the problem, and the company eliminated them all in January 2025.
Block extensions, the solution. If you want to protect yourself from these problems, the solution is block The execution of extensions in your browser, especially in computers that handle sensitive data such as work. Unless they are extensions of trust, these types of problems can cause serious security problems.
Care with permissions. Browser extensions can end up being bought, sold and reused without notice by their new owners, as has been the case. That raises a serious problem for users and companies, which before installing an extension should provide A lot of attention to permits that ask for these extensions to work.
What do they say in Google. In Xataka we have contacted Google responsible and we will update this article if we receive new data on the subject. Be that as it may, the company offers A HELP DOCUMENT In this regard and also indicated in a Article in your official blog How to stay safe with the use of extensions in Google Chrome.
In Xataka | Those responsible for the Robinson list confirm that it has not been hacked or data robbery (updated)
GIPHY App Key not set. Please check settings