Technology @beehaw.org jarfil @beehaw.org 5d ago

Popular Chrome extensions hijacked by hackers in widespread cyberattack

www.tomsguide.com Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk

Legitimate browser extensions were turned bad through malicious updates

a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.

While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser

You're viewing a single thread.

12 comments

The extensions in question in case you can't access the article.

Blipshot (one click full page screenshots)

Emojis - Emoji Keyboard

WAToolkit

Color Changer for YouTube

Video Effects for YouTube and Audio Enhancer

Themes for Chrome and YouTube™ Picture in Picture

Mike Adblock für Chrome | Chrome-Werbeblocker

Page Refresh

Wistia Video Downloader

Super Dark Mode

Emoji Keyboard Emojis for Chrome

Adblocker for Chrome - NoAds

Adblock for You

Adblock for Chrome

Nimble Capture

KProxy
- All of these already sound shady.
  
  I had the "Page Refresh" one... disabled, but still installed. There are multiple "[Auto] [Easy] Page/Tab Refresh/Reload" extensions in the store, hard to pick one that won't go rogue.
  
  "Page refresh". You mean F5 (or ctrl + r) right?
  
  Yes, every 30 seconds, for hours on end.
  
  Useful for many things, starting with CI/CD status panels.
  
  A lot harder to do when it’s not on your computer. At work we have some TVs displaying a web oage full screen. I’m not gonna vnc in just to hit F5 every 30 minutes.
  
  You set the webpage to self refresh on interval by itself no extensions needed.
  
  We already have it for every 20 minutes but sometimes it fails for various reasons. 30 minutes is the backup before I just reboot it.
  
  Some of them also sound pointless, e.g the emoji keyboards. I know for a fact windows, macos and chromeos have inbuild emoji selectors. On linux KDE also has an selector, idk about gnome but even if it doesn't have one there's probably a shell exstention for that, there's also an app called grin (or maybe smile? can't be bothered to google rn). I literally can't see a reason to use an web extension over those.

12 comments