Chrome extension 'The Great Suspender' reported to have become malware



The Great Suspender, an extension that suspends inactive tabs, has been updated in a suspicious way under its new owner, and software developer David Foster has laid out countermeasures.

I no longer trust The Great Suspender | DaFoster

https://dafoster.net/articles/2021/01/20/i-no-longer-trust-the-great-suspender/



I no longer trust The Great Suspender | Hacker News

https://news.ycombinator.com/item?id=25846504

[Open Source Development] The Great Suspender Saga, or, “If a Chrome extension is sold and no one's around to hear it, is it malware?”: KyleTaylor
https://www.reddit.com/r/KyleTaylor/comments/jowlt2/open_source_development_the_great_suspender_saga/

The Great Suspender is a Chrome extension used by more than 2 million people and is very well received, with a rating of 4 stars across 4712 reviews at the time of writing.



However, in June 2020, ownership of The Great Suspender was transferred from the original developer to another person.

At first the new owner did nothing. That changed in October 2020, when the version of The Great Suspender published in the Chrome store was updated to 7.1.8. Although The Great Suspender is an open source project, the version in the GitHub repository remained at 7.1.6. The owner published no change log and did not answer questions about what had changed.

Verification of the update found that the added code included something that called external JavaScript, and that it was related to an analytics library. After that, the version of The Great Suspender published for Edge in the Microsoft Store was flagged as an 'extension containing malware'.

At the time of writing, the Chrome Web Store shows no warning, but the extension is probably close to malware, as it was judged to be for Edge.

For users who have already updated to version 7.1.8, Foster offers some workarounds. The first two are simple measures.

- Check 'Automatic deactivation of any kind of tracking' in the extension settings
- Pray that the suspicious developer does not push malicious updates to The Great Suspender

For users who want to keep using The Great Suspender, Foster lists the following as what they should do.

- Close unnecessary tabs as much as possible
- Unsuspend the remaining tabs
- Uninstall The Great Suspender (7.1.8)
- Download version 7.1.6 of The Great Suspender from GitHub to a location other than the 'Download' folder
- Load and install the downloaded files using 'Load unpacked', which is available in developer mode on the extensions screen

Developers use this procedure to check the operation of extensions under test. Google Chrome has no option to stop automatic updates of extensions, but an extension installed this way is not updated automatically. Chrome will, however, show a new kind of security prompt every time it starts, which you should ignore.
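Before loading the downloaded copy, it can be checked for the two things described above: the version number and code that calls external JavaScript. The Python script below is an added example, not code from Foster's article or the extension's repository; the function names, the `cdn.example` host and the sample files are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

EXPECTED_VERSION = "7.1.6"  # the GitHub release the article says to sideload
# Literal http(s) URLs ending in .js; URLs assembled at runtime are not caught.
REMOTE_JS = re.compile(r"""https?://[^\s'"<>()]+\.js\b""", re.IGNORECASE)


def remote_script_sources(csp):
    """Return scheme-qualified hosts allowed by script-src in a CSP value."""
    if isinstance(csp, dict):  # Manifest V3 stores one policy per context
        csp = ";".join(csp.values())
    hosts = []
    for directive in (csp or "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "script-src":
            hosts += [t for t in tokens[1:] if "://" in t]
    return hosts


def audit_extension(root, expected_version=EXPECTED_VERSION):
    """Return findings (strings) for an unpacked extension directory."""
    root = Path(root)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    findings = []
    version = manifest.get("version")
    if version != expected_version:
        findings.append(f"manifest.json: version {version!r} != {expected_version!r}")
    for host in remote_script_sources(manifest.get("content_security_policy")):
        findings.append(f"manifest.json: CSP allows remote scripts from {host}")
    for path in sorted(p for p in root.rglob("*") if p.suffix in {".js", ".html"}):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for url in REMOTE_JS.findall(line):
                findings.append(f"{path.relative_to(root)}:{lineno}: references {url}")
    return findings


if __name__ == "__main__":
    # Constructed sample directory, not the real extension's files.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "manifest.json").write_text(json.dumps({
            "version": "7.1.8",
            "content_security_policy": "script-src 'self' https://cdn.example"}))
        Path(tmp, "background.js").write_text(
            "var s = document.createElement('script');\n"
            "s.src = 'https://cdn.example/track.js';\n")
        print("\n".join(audit_extension(tmp)) or "no findings")
```

A finding is a prompt to read the file it names, not a verdict, and an empty result does not prove the code is clean.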

Foster warns users to be careful: there are other extensions besides The Great Suspender that suspend tabs, but he has not checked their safety himself.

in Software,   Security, Posted by logc_nt