287 malicious Chrome extensions found to leak or steal user data

A total of 287 Chrome extensions have been identified that allegedly steal browsing history data from users. These extensions are believed to have been installed over 37.4 million times. The names of the affected extensions and their Chrome Web Store URLs are listed at the following site:
GitHub - qcontinuum1/spying-extensions: Report on spying browser extensions by Q Continuum group.

Security researcher finds 287 Chrome extensions leaking data • The Register
287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users
https://hackread.com/chrome-extensions-harvest-browsing-data-37m-users/
The extensions, disguised as seemingly harmless tools like ad blockers and search assistants, actually collected users' personal data and sold it to data brokers. The stolen data included URLs from Google searches and user IDs, some of which were detailed enough to identify users' social media accounts.
Among the extensions were well-known ones such as Similarweb, an information analysis tool. The problematic extensions related to Similarweb are said to have been installed more than 10.1 million times.
Security researcher Q Continuum built a system that simulates real-world browsing and checks data sent from a PC. He scanned the top 32,000 extensions in the Chrome Web Store and found that 287 extensions were involved in data leaks. These extensions are estimated to have been installed at least 37.4 million times.

Many of these tools transmit user data in plain text, and some use obfuscation to hide their information-stealing activities. Of the 37.4 million installations, approximately 17.4 million are known to be associated with more than 30 companies, while the source of the remaining 20 million installations is unknown.
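The check described above, comparing what a simulated browser visited against what left the machine, can be illustrated with the following added Python example. It is not Q Continuum's code; the article does not describe the system's internals, so the matching logic, the function names, and all hosts and sample requests here are constructed assumptions.

```python
import base64
from urllib.parse import quote, urlsplit

def encodings(url):
    """Forms of a visited URL to look for in outbound traffic."""
    raw = url.encode()
    return {
        "plain": url,
        "percent": quote(url, safe=""),
        # Padding stripped so the needle matches padded and unpadded values.
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "base64url": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
    }

def find_leaks(visited, requests):
    """Return (destination host, visited URL, encoding) for each request that
    carries a visited URL to a host other than the visited site itself."""
    findings = []
    for req in requests:
        dest = urlsplit(req["url"]).hostname
        haystack = req["url"] + "\n" + req.get("body", "")
        for page in visited:
            if urlsplit(page).hostname == dest:
                continue  # the site's own traffic, not a leak
            for name, needle in encodings(page).items():
                if needle in haystack:
                    findings.append((dest, page, name))
                    break
    return findings

# Constructed sample data: pages the simulated browser visited ...
VISITED = ["https://shop.example/cart?item=42",
           "https://search.example/search?q=clinic+near+me"]
# ... and the outbound requests captured during that session.
REQUESTS = [
    {"url": VISITED[0]},
    {"url": "https://stats.collector.example/v1",
     "body": '{"uid":"u-123","url":"https://shop.example/cart?item=42"}'},
    {"url": "https://cdn.tracker.example/p.gif?d="
            + base64.b64encode(VISITED[1].encode()).decode()},
    {"url": "https://fonts.example/css?family=Inter"},
]

if __name__ == "__main__":
    for dest, page, how in find_leaks(VISITED, REQUESTS):
        print(f"{dest} received {page} ({how})")
```

Substring matching of this kind catches plain-text and simply encoded transmissions only; a URL that is encrypted, compressed, or embedded inside a larger encoded blob would not match.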
According to Q Continuum, some extensions have privacy policies stating that they collect information, but there is no reasonable justification for collecting that information from users, and users are unaware of such privacy policies, which is causing harm to users.

Q Continuum pointed out that 'while many users are aware of being monitored, they do not understand the risks or consequences of such access. Terms of use and privacy policies are often vague about this practice, leaving users unaware that they are consenting to data collection, which constitutes a privacy violation.'