XplornetSUCKS  

Go Back   XplornetSUCKS > News
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 01-18-2014, 12:15 PM
buttitchi buttitchi is offline
offline "Global Moderator" Retired
 
Join Date: Feb 2008
Posts: 210
Default Chrome extensions become malicious(jan 2014)

How much do you trust your extensions(add-ons) in your browser?

There are extensions where you can slightly tweak privacy permissions, while others are nasty and don't always fully disclose what they collect or do.

When ads start showing up or a mysterious Operating System infection, and malware scans show clean(until they realize the new attack vectors), you can look at your browser extensions for a clue.

A decade ago, Internet Explorer was so easy to exploit when it had its default settings. Which is why other browsers can along with better security practices. The unfortunate part is where add-ons become the normal to enrich your Internet experience and people don't pay attention to what they are adding.


http://arstechnica.com/security/2014...illed-updates/
Quote:
One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.
__________________
Hi Diddly Ho, Good Neighborino
Reply With Quote
  #2  
Old 01-18-2014, 07:47 PM
Brad R Brad R is offline
Linux Member
 
Join Date: Apr 2007
Location: Ontario
Posts: 605
Default

Hah. Thanks for that link. I've always been a little bit suspicious of extensions; I use very few of them, and I don't let them automatically update themselves. Also, my primary browser is Opera, which is sufficiently small (I think 1-2 % market share) that it's not a target.
__________________
4G Fixed Wireless Formerly Echostar 17 "Jupiter"; Rogers Rocket Hub; Everus 3.5 GHz Wireless; Telesat Kazam plan; HughesNet Ku.
A computer without Windows is like a chocolate cake without mustard. http://www.goodbyemicrosoft.net
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 04:58 AM.


Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.