a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.
While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser
We put so much important information/data through browsers (and smart phones for that matter), and it is becoming hard to trust third party code running on either. Trust in the publisher has become mandatory for me and the only browser plugin I run now is Bitwarden. Neither the app store operators nor the browser publishers seem to have an answer for reliably thwarting malicious actors. I don’t know what the answer is, other than developing literacy in writing browser plugins and adding functionality through my own code.
The extensions in question in case you can’t access the article.
- Blipshot (one click full page screenshots)
- Emojis - Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock für Chrome | Chrome-Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome - NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
All of these already sound shady.
Some of them also sound pointless, e.g the emoji keyboards. I know for a fact windows, macos and chromeos have inbuild emoji selectors. On linux KDE also has an selector, idk about gnome but even if it doesn’t have one there’s probably a shell exstention for that, there’s also an app called grin (or maybe smile? can’t be bothered to google rn). I literally can’t see a reason to use an web extension over those.
I had the “Page Refresh” one… disabled, but still installed. There are multiple “[Auto] [Easy] Page/Tab Refresh/Reload” extensions in the store, hard to pick one that won’t go rogue.
“Page refresh”. You mean F5 (or ctrl + r) right?
Yes, every 30 seconds, for hours on end.
Useful for many things, starting with CI/CD status panels.
A lot harder to do when it’s not on your computer. At work we have some TVs displaying a web oage full screen. I’m not gonna vnc in just to hit F5 every 30 minutes.
You can set the webpage to self refresh on interval by itself no extensions needed.
We already have it for every 20 minutes but sometimes it fails for various reasons. 30 minutes is the backup before I just reboot it.
deleted by creator
more likely they were less of a hijacked and more of a waited for enough people to use them and then proceed to the next stage of the plan.
Blipshot (one click full page screenshots)
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
