Jump to content

Google pulls Chrome Web Developer extension over ad-injecting


Batu69

Recommended Posts

Google just pulled another Chrome extension from the official Chrome web store after it found out that the extension started to inject advertisement into sites user visited in the web browser.

 

A 404 not found error is displayed when you open the Chrome web store presence of the Web Developer extension right now.

The extension had a rating of 4.5 stars (out of five), and more than 3000 user ratings before it was pulled from the store.

The description of the extension read:

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox.

Web Developer is a popular add-on for the Firefox that has nearly 300000 users and a five star rating on the Mozilla Add-ons website.

 

web developer ad inject

 

The last updates of the Chrome version of the extension date back to February. Considering this, it is possible that the extension was hijacked by a third-party and modified in the process to display advertisement on websites in Chrome.

 

While Google blocked the installation of the extension by deleting it from the Chrome Web Store, users who have installed the extension already are still exposed to the issue.

 

It is recommended to remove the Web Developer extension for Chrome immediately, or at least disable it, to avoid this issue.

Please note that the circumstances are still unclear right now. If you want to be on the safe side, it is suggested to remove the browser extension from Google Chrome.

 

Neither the Firefox nor the Opera extension appear to have been hijacked. The last Firefox update dates back to April 2017 on Mozilla AMO, and there are no user reports that the add-on started to inject advertisement all of a sudden.

 

This is not be the first case of Chrome extensions being abused for malicious activities. The popular Copyfish extension was hijacked by attackers as well last month.

Google uses automated security scans to test extensions for malicious content. It appears that those don't work as well though, considering that third-parties with malicious intent may modify the extensions to inject ads on sites without any alarm bells going off.

 

This is different from Mozilla AMO, the official Firefox add-on repository. All add-ons are vetted by human editors before they are listed in the store.

 

Article source

Link to comment
Share on other sites


  • Replies 7
  • Views 1.2k
  • Created
  • Last Reply

web developer extension ad.jpg

its still accessable.:huh:

Link to comment
Share on other sites


LOL and Mozilla thanks that webextensions are safer .. This is nothing new for Google they been allowing  malicious extensions too get in there store for years  even fake ones . Even Firefox  has some like Popup Blocker Ultimate the dev sent out political messages through it before and he begs for money on every update he can spam you with any message he wants .. Shame is he made a good addon and ruin it with his malicious actions.

 

A lot of those vpn extensions do the same thing but instead showing you ads they collect  you're data and sell it and Google collects you're data from Chrome itself and sells it they are ad company as in adware. there are many data collecting  extensions for both browsers some have opt outs and some don't and both browsers have data mining baked in . Google pays Mozilla too bake in there data mining services . Google and others pay many other freeware and shareware apps as well too bake in there data mining services. Welcome too the internet were just because you can't see it with the naked eye dont mean it's not there. Even some free vpns has turned people pcs into botnets you never know what a extension may be up too.

 

People are so blind for the forest they can't see the trees just because you can't see ads don't mean a program is not malicious. Like Popup Blocker Ultimate the DEV has access to you're browser anytime he wants and what make extensions dangerous  they are installed in web browsers were you have too allow internet through you're firewall too use  . :P

Link to comment
Share on other sites


10 minutes ago, 0bin said:

Have screenshot of money requests?

read comments over at  AMO

https://addons.mozilla.org/en-US/firefox/addon/popup-blocker-ultimate/?src=search

Here is a example  of why you can't trust  any software sometimes it's not  only the vendors collecting data .
 

Quote


NSA Collects MS Windows Error Information

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports:

    One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.

    When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

    The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.

    Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit? Microsoft won't have the incentive to examine and fix problems until they happen broadly among its user base. The NSA has a completely different incentive structure.

I don't remember this being discussed back in 2013.

 

https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html

 

Link to comment
Share on other sites


Just now, 0bin said:

I been blocking Windows error reporting since the old XP days even years before Der Spiegel reported it . And I been warning people about Google being spies  long before they made Google Chrome  even ..  :)

Link to comment
Share on other sites


10 minutes ago, 0bin said:

Google want you see ads :) Because ads is good s...

Ads are good for them because that's there cash cow and in a sense there good for the internet as a whole because ads are what keeps free services running  if it were not for ads the WWW would be wall to wall paywall  but in a free world we should have a choice if we want too see ads  or not . Back when i 1st came on the internet most everyone used IE and adblockers were not easy too find like they are now and that's what these big companies want too do is force us too see ads  again like it were 2001  again .

Link to comment
Share on other sites


4 minutes ago, 0bin said:

The thing of facebook as system app then, end of July facebook app has a bug and many users complained. And those payed idiots by facebook at samsung keep doing that more and more.

For years i used Trillian IM with cracks to get rid of ads and i used other IMs with cracks for the same reason .. This is nothing new just it's new too Facebook.. So what is old is new again and I don't be on Facebook no more since 2011 and I switched too a open source IM  with no ads and end to end encryption so ive not seen a ad in chat in years lol.

Link to comment
Share on other sites


Just now, 0bin said:

Without facebook people are more happy, there is a heavy mental conditioning done by the like button and share. Everyone should look happy and with friends, but I don't care what other thinks, one time I contacted Mark Z on his profile but didn't reply to me. I asked him why I cannot change my name, and then they changed. Sometime I see some faces on profile saying share something! or you know this from .... never seen people...lol

only social site i join in recent years is reddit.com because they dont care if you use a throw away name  and most of the time i never login  i just read without logging in ..I learn what i need too know from reading lol.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...