It turns out that Chrome's popular extension has a `` code to insert an illegal affiliate ''



Google's web browser Chrome can add useful functions such as YouTube's subtitle reading function and offline saving function of web pages by adding extensions. However, researchers at major security company McAfee reported that five types of extensions that were downloaded a total of 1.4 million times contained ``codes for illegally obtaining affiliate revenue''. One of the reported extensions is no longer available, but the remaining four are still available from Google's official web store, and some have been given the 'Google Recommended Label'. doing.

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/

Chrome extensions with 1.4 million installs steal browsing data
https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/

The code discovered by McAfee researchers was 'monitoring the user's browsing history and rewriting the cookie and disguising the referrer when access to the online shop was detected.' Various online shops have a system of ``paying a reward for the website that leads to the online shop'', but when using the extension function in which the code in question is inserted, various online The shop recognizes that 'the online shop was accessed through the attacker's website', and the reward is paid to the attacker instead of the original web page administrator.

The code in question was inserted in the following 5 extensions. Both were popular extensions with tens of thousands of downloads, with a total of 1.4 million downloads.

・Extended function ' Netflix Party ' that allows multiple people to watch Netflix at the same time (Number of downloads: 800,000 times or more)
・Extended function ' Netflix Party 2 ' that allows multiple people to watch Netflix at the same time (Number of downloads: 300,000 times or more)
・ Extension function ' Full Page Screenshot Capture ' that allows you to take a screenshot of the entire web page from top to bottom (Number of downloads: 200,000 times or more)
・ Online shop price tracking function “ FlipShope – Price Tracker Extension ” (Number of downloads: 80,000 times or more)
・ Online shop price tracking function “ AutoBuy Flash Sales ” (Number of downloads: 80,000 times or more)

At the time of writing, extensions other than 'Netflix Party' continue to be available from Google's official web store. In addition, 'Full Page Screenshot Capture' is also given the label 'Recommended', which indicates that it has met Google's standards.



All of these extensions have the functionality as advertised. In addition, code to circumvent the threat detection 'do not perform unauthorized actions for 15 days after installation' has also been confirmed. For this reason, McAfee points out that users will continue to use extensions without noticing malicious code.

As noted above, most of the extensions in question are still available and have not been automatically removed from Chrome. Therefore, users who have the extension in question installed will need to manually uninstall it. How to uninstall the extension is as follows.

First, click the puzzle piece icon in the top right corner of Chrome's screen, then click the menu button located to the right of the extension you want to remove.



When the menu is displayed, click 'Remove from Chrome'.



Then click 'Remove' to complete the removal of the extension.



in Software,   Security, Posted by log1o_hf