Google Chrome extension with 1.4 million downloads found to steal data
Google Chrome is one of the most popular web browsers in the world, thanks to its ability to be customized with themes and extensions, allowing users to perform various tasks with a single click. Now, a new report from McAfee says they've uncovered five Google Chrome extensions that steal users' browsing data and, interestingly, have been downloaded more than 1.4 million times. These extensions provide the promised functionality, but do not explicitly mention to users the activity of collecting browsing data without notice.
The five Google Chrome extensions in question include Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension, and AutoBuy Flash Sales. Netflix Party has over 800,000 downloads and Netflix Party 2 Chrome Extension has over 300,000 downloads.
Five Google Chrome extensions have allegedly been stealing users' browsing activity. They loaded a multipurpose script that sent ever-growing data to attacker-controlled domains, the report said. Every time a new URL is visited, the user's browsing data is sent to the domain. This information includes user ID, device location, country zip code, and encoded referral URL.
If any visited URL matches any of the listed websites where the extension author has an active affiliate account, the server will respond by inserting a malicious multipurpose script on the visited website. Alternatively, it also modifies or replaces the cookie with the given cookie to perform some action. Netflix Play, Netflix Play 2 and AutoBuy Flash sales have been removed from the Extention store. However, other extensions can still be downloaded.