Google Chrome is among the most popular web browsers worldwide. One of the reasons for the Google browser’s popularity is its support for multiple extensions that help boost productivity. A new report by McAfee claimed to have found five Google Chrome extensions that were stealing users’ browsing data. These five extensions have been downloaded over 1.4 million times.
The report claimed that these extensions offered the promised functionality but by no means made it notably visible to users about the malicious activity of collecting their browsing activity data. Let’s take a look at more details about the five Google Chrome extensions caught capturing user browsing data.
These Google Chrome Extensions Were Stealing Your Data
The McAfee report claimed that it found five Google Chrome Extensions with over 1.4 million downloads collecting user browsing data. These extensions include Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension and AutoBuy Flash Sales. Netflix Party and Netflix Party 2 were the most downloaded of the five extensions. Netflix Party has over 800,000 downloads, whereas Netflix Party 2 Chrome Extension has over 300,000 downloads.
The report claimed that these extensions loaded a multifunctional script that sends the browsing data to a domain that is controlled by the attackers. Users’ browsing data is sent to this domain every time they visit a new URL. The information included the user ID, device location, country, zip code, and an encoded referral URL.
If any of the visited URLs match any of the listed websites for which the author of the extension has an active affiliate account, the server would respond by inserting the malicious multifunctional script on the visited website. Alternatively, it would also modify a cookie or replace it with the provided one to perform certain actions.
Netflix Play, Netflix Play 2 and AutoBuy Flash Sales have been removed from the Play Store. However, the other two extensions are still available for download.