Chrome extensions with 1.4M installs secretly track visits and inject code

Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported that they were surreptitiously tracking users’ browsing history and injecting tracking code into specific e-commerce sites they visited.

The five extensions reported by McAfee purport to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, the company’s researchers said, the extensions kept a running list of every site a user visited and took additional actions when users reached specific sites.

The extensions send the name of each visited site to the developer-controlled site d.langhort.com, along with a unique ID, country, city, and zip code for the visiting device. If the visited site matches a list of e-commerce sites, the developer domain instructs the extensions to inject JavaScript into the visited page. The code modifies the site’s cookies so that the extension authors receive affiliate payments for any items purchased.

To help keep the activity covert, some extensions are programmed to wait 15 days after installation before beginning to collect data and inject code. The extensions McAfee identified are:

Name | Extension ID | Users
Netflix Party | mmnbenehknklpbendgmgngeaignppnbe | 80,000
Netflix Party 2 | flijfnhifgdcbhglkneplegafminjnhn | 300,000
FlipShope – Price Tracker Extension | adikhbfjdbjkhelbdnffogkobkekkkej | 80,000
Full page screenshot – screenshot | pojgkmkfincpdkdgjepkmdekcahmckjp | 200,000
Flash sales for automatic purchase | Ghbna GlfafMahbid Majeed FdMjkbd | 20,000

As of Wednesday, all five extensions have been removed from the Chrome Web Store, a Google spokesperson said. Removing the extensions from Google’s servers does not uninstall them from the 1.4 million infected devices. People who installed the extensions have to manually check their browsers and make sure the extensions are no longer running.
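
The manual check described above can be scripted. The following is an added example, not code from McAfee's report or from this article: it scans every Chrome profile under a User Data directory for the four extension IDs that are legible in the list above. The default directory locations and the names `FLAGGED`, `default_user_data_dir` and `find_flagged` are assumptions of this example; the fifth extension's ID is garbled on this page and is left out.

```python
import json
import os
import sys
from pathlib import Path

# Extension IDs copied from the list above. The fifth extension's ID is
# garbled on this page, so it is not included here.
FLAGGED = {
    "mmnbenehknklpbendgmgngeaignppnbe": "Netflix Party",
    "flijfnhifgdcbhglkneplegafminjnhn": "Netflix Party 2",
    "adikhbfjdbjkhelbdnffogkobkekkkej": "FlipShope – Price Tracker Extension",
    "pojgkmkfincpdkdgjepkmdekcahmckjp": "Full page screenshot – screenshot",
}

def default_user_data_dir():
    """Chrome's default 'User Data' directory for the current OS (assumed paths)."""
    if sys.platform.startswith("win"):
        return Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data"
    if sys.platform == "darwin":
        return Path.home() / "Library/Application Support/Google/Chrome"
    return Path.home() / ".config/google-chrome"

def find_flagged(user_data_dir):
    """Return one dict per flagged extension found in any Chrome profile.

    Chrome unpacks extensions to <profile>/Extensions/<id>/<version>/.
    """
    hits = []
    for ext_dir in sorted(Path(user_data_dir).glob("*/Extensions/*")):
        if not ext_dir.is_dir() or ext_dir.name not in FLAGGED:
            continue
        versions = []
        for vdir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                manifest = json.loads((vdir / "manifest.json").read_text("utf-8-sig"))
                versions.append(str(manifest.get("version", vdir.name)))
            except (OSError, ValueError, AttributeError):
                versions.append(vdir.name)  # unreadable manifest: use directory name
        hits.append({"profile": ext_dir.parent.parent.name, "id": ext_dir.name,
                     "listed_as": FLAGGED[ext_dir.name], "versions": versions})
    return hits

if __name__ == "__main__":
    found = find_flagged(default_user_data_dir())
    for hit in found:
        print("{profile}: {id} ({listed_as}) versions={versions}".format(**hit))
    sys.exit(1 if found else 0)
```

The script exits with status 1 when any listed extension is still unpacked in a profile, so it can be run from an endpoint-management job and the non-zero exit used as the alert condition.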
