Despite the fact that we continue to have bad actor Chrome extensions pop up in the Web Store, Google has done a ton to mitigate it over the past year. From adding new requirements for how developers must use your data to adding a seal of approval for anyone who respects that data and doesn’t misuse or sell it, the Web Store is no longer the wild west it once was.
However, today, McAfee Labs discovered that five malicious cookie-stuffing extensions, which have been installed over 1.4 million times, are currently a danger to you and anyone else who still has them on their system.
An extension called “Netflix Party” (not to be confused with the real Netflix Party), along with Netflix Party 2, FlipShope – Price Tracker Extension, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales, are all guilty of logging and stealing several personal details of any victim who may have installed them.
You can get a full breakdown of exactly how they scrape your data over on the McAfee blog where they go into the technical details, but what you need to know is that your country, city, zip code, precise location (really, the location of your device, but your device is commonly on your person or in your home), and more have been forwarded to the attackers as a .JSON file which allows these details to be read as plain text!
Here are the culprits along with their extension IDs. Each one has between 80,000 and 200,000 installs, which in and of itself is just mind-blowing. It doesn’t matter how much Google does to solve the issue of malicious extensions, because if a user doesn’t check the reviews, the privacy practices and the developer name of something before installing it, they will still find themselves victims of such attacks.
- Netflix Party – Extension ID: mmnbenehknklpbendgmgngeaignppnbe
- Netflix Party 2 – Extension ID: flijfnhifgdcbhglkneplegafminjnhn
- FlipShope – Price Tracker Extension – Extension ID: adikhbfjdbjkhelbdnffogkobkekkkej
- Full Page Screenshot Capture – Screenshotting – Extension ID: pojgkmkfincpdkdgjepkmdekcahmckjp
- AutoBuy Flash Sales – Extension ID: gbnahglfafmhaehbdmjedfhdmimjcbed
At this time, the “Full Page Screenshot” and “FlipShope” extensions can still be installed by unsuspecting users, but the Netflix Party ones have been removed from the Web Store by Google. However, if you have any of these installed on your Chromebook or Chrome Browser, please remove them immediately!
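To check a desktop Chrome install for the five IDs listed above, here is an added example script (not from McAfee or Google). It assumes the standard on-disk layout, where each profile keeps installed extensions under `Extensions/<extension id>/<version>/manifest.json`, and the default "User Data" locations for Windows, macOS and Linux.

```python
import json
import os
import sys
from pathlib import Path

# Extension IDs exactly as listed in the article above.
FLAGGED = {
    "mmnbenehknklpbendgmgngeaignppnbe": "Netflix Party",
    "flijfnhifgdcbhglkneplegafminjnhn": "Netflix Party 2",
    "adikhbfjdbjkhelbdnffogkobkekkkej": "FlipShope – Price Tracker Extension",
    "pojgkmkfincpdkdgjepkmdekcahmckjp": "Full Page Screenshot Capture – Screenshotting",
    "gbnahglfafmhaehbdmjedfhdmimjcbed": "AutoBuy Flash Sales",
}

def default_user_data_dirs():
    """Default Chrome 'User Data' locations (assumption: standard installs)."""
    home = Path.home()
    if sys.platform.startswith("win"):
        return [Path(os.environ.get("LOCALAPPDATA", home)) / "Google/Chrome/User Data"]
    if sys.platform == "darwin":
        return [home / "Library/Application Support/Google/Chrome"]
    return [home / ".config/google-chrome", home / ".config/chromium"]

def find_flagged(user_data_dir):
    """Return one record per flagged extension found in any profile."""
    hits = []
    # Layout: <User Data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for ext_dir in sorted(Path(user_data_dir).glob("*/Extensions/*")):
        if ext_dir.name not in FLAGGED or not ext_dir.is_dir():
            continue
        versions = []
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
                versions.append(data["version"])
            except (OSError, ValueError, KeyError, TypeError):
                versions.append("unreadable")  # still report the directory
        hits.append({"profile": ext_dir.parent.parent.name, "id": ext_dir.name,
                     "name": FLAGGED[ext_dir.name], "versions": versions})
    return hits

if __name__ == "__main__":
    roots = [Path(p) for p in sys.argv[1:]] or default_user_data_dirs()
    found = [h for r in roots if r.is_dir() for h in find_flagged(r)]
    for h in found:
        print(f"{h['profile']}: {h['name']} ({h['id']}) versions={h['versions']}")
    sys.exit(1 if found else 0)  # non-zero exit when anything is found
```

Pass a "User Data" path as an argument to scan a non-default location; a hit means the extension should be removed from that profile via `chrome://extensions`.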