500 Chrome extensions secretly uploaded private data from millions of users

Extensions were part of a long-running ad-fraud and malvertising network.



More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.


The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions.


Read More...


Courtesy of Ars Technica

Article Author: Dan Goodin



This website uses cookies to ensure you get the best experience. Click here to learn more.