mood
Posted January 9, 2021

Ditch 'The Great Suspender' Before It Becomes a Security Risk

Screenshot: David Murphy

I’ve been a fan of The Great Suspender extension for years. Even when Google would drop new features into its Chrome browser to reduce the resources inactive browser tabs eat up, I still trusted The Great Suspender to “inactivate” them for me to lessen the load on my system.

But The Great Suspender has recently proven untrustworthy, and it’s probably time to say goodbye. Dr. Colin McMillen, lead developer at SemiColin Games, puts it succinctly:

Dr. Colin McMillen @mcmillen

PSA: if you use The Great Suspender chrome extension, maybe uninstall it RIGHT THE HECK NOW. It's been running possibly-intentionally-malicious code since November. (I'm immune, due to being Team Less-Than-Ten Tabs)

URGENT: SECURITY: New maintainer is probably malicious · Issue #1263 · greatsuspender/thegreatsus...
It occurred to me that our current discussion of this is hard to find. It is happening in #1175, the issue about the new maintainer. To summarize, the maintainer recently updated their chrome store...
github.com

10:15 PM · Jan 3, 2021

Here’s the longer story: The Great Suspender has a new maintainer (formerly Dean Oemcke), and this unknown entity dropped a few silent updates to new builds of the extension allowing it to connect to various third-party servers and execute code. The extension suddenly started asking for new permissions as well, like an all-encompassing ability to mess with your browser’s web requests.

As GitHub’s TheMageKing wrote in November of last year:

“That lets the extension do what it pleases, including inserting ads, blocking sites, forcible redirects.... This change was supposedly in order to enable new screenshot functionality, but that was unclear.”

They continued:

“On November 6th, @lucasdf discovered a smoking gun that the new maintainer is malicious.
Although OpenWebAnalytics is a real software, it does not provide the files executed by the extension. Those are hosted on the unrelated site owebanalytics.com, which turns out to be immensely suspicious. That site is one month old, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. However, the site contains no real information other than the tracking scripts, and is only found in the context of this extension. Most importantly, the minified javascript differs significantly from that distributed by the OWA project.”

While there does exist an innocent explanation for this, I can no longer say that it is the most likely. Using the chrome web store version of this extension, without disabling tracking, will execute code from an untrusted third-party on your computer, with the power to modify any and all websites that you see. The fact that disabling tracking still works is irrelevant given the fact that most of the 2 million users of this extension have no idea that that option even exists. The fact that the code is not obvious malware is meaningless in light of the fact that it can be changed without notice, and that it is minified (human-unreadable).”

The good news? The offending code appears to have been removed from The Great Suspender, but that doesn’t necessarily mean you should keep using it. The mysterious way the whole situation was handled by the extension’s new maintainer—and their complete silence on this matter (and everything else recently)—makes me a bit nervous that a similar situation could happen again. If nobody reports it—or if you’re not scanning the news for updates on your many browser addons—you’ll never know. Don’t set yourself up to be surprised with a potential security issue down the road.
Alternatives to The Great Suspender

If you’re planning to stick with The Great Suspender, you should at minimum pull up its options and disable any scuzzy analytics via the “Automatic deactivation of any kind of tracking” setting.

Screenshot: David Murphy

Honestly, though, you’re better off uninstalling the extension entirely and replacing it with this alternative that removes any and all tracking. It’s unclear if this variant will be maintained in order to keep it in parity with future updates to The Great Suspender, but it should work for quite some time. (In fact, a number of people suggest you simply install an older version of the original addon before it was switched over to its new, unknown maintainer.)

But do you need The Great Suspender at all? As I mentioned, your modern-day browser already probably does a decent job of resource management for inactive tabs. You might be able to get away with just using your browser like you normally would, tabs and all.

If you need more help than that, you have other options for reducing your open tabs and freeing up your precious system resources. I’m a big fan of OneTab and Tabs Outliner, which dump all of your open tabs into a single, easy-to-navigate screen (or sidebar). There are other extensions that limit the number of tabs you can open, a great way to preserve resources and restrain your sprawl. And if you only want a replacement for The Great Suspender, there are other extensions that perform similarly.

Whatever your choice, it’s time to abandon The Great Suspender. It has served us well for years, but no king rules forever.

Source: Ditch 'The Great Suspender' Before It Becomes a Security Risk
mood
Posted January 9, 2021

We no longer recommend the Chrome extension The Great Suspender. Here is why!

The Great Suspender is a popular Chrome extension with more than 2 million users on Google's platform alone. The extension is designed to improve the RAM use of the Chrome browser by suspending tabs manually or automatically.

I reviewed The Great Suspender back in 2013 for the first time and found it to be an excellent extension for taming Chrome's RAM hunger. The extension was mentioned in several articles on this site as a recommendation, e.g. in how to handle lots of browser tabs and in how to tame Google Chrome's memory use.

Why we are no longer recommending The Great Suspender

The original developer of the open source extension sold the extension to an unknown entity in June 2020. It is not uncommon for extensions to get sold, and companies contact the creators of popular extensions all the time to find out if the creators are interested in selling their extensions.

Some exploit the userbases of bought extensions through various means, e.g. by adding or increasing tracking or displaying advertisement, or through semi-legal or malicious means such as injecting ads on visited pages or selling user data to other companies.

The Register reports that the new owner of the extension submitted a new version of the extension to the Chrome Web Store but did not upload it to the GitHub project site. Version 7.1.8, submitted initially to the Chrome Web Store, included calls to remote scripts and used remote tracking analytics. The update did request additional permissions, including the permission to manipulate all web requests.

The new owner uploaded a new version of the extension after it got suspended by Microsoft from the company's web store. The new version removed the script but it kept the extra permissions that it requested when the previous version was released.
Developers analyzed the code of the extension versions and discovered additional bits of code that added more weight to the "there is something fishy going on" camp. Thibauld Colas published his analysis on GitHub, noting that the Open Web Analytics script that the extension was using, was "another application trying to pass for it".

To sum it up:

- The Great Suspender was sold to an unknown entity in mid-2020.
- The new owner uploaded a new version of the extension that requested more permissions, made remote calls and used a remote analytics script.
- The analytics script in question raised several red flags, one developer citing that it was made to look like an analytics script only.
- The new owner uploaded a new version to the Chrome Web Store, removing objectionable content but keeping the new permission requests.

Our recommendation

We recommend that you uninstall the extension from your web browsers or switch back to using version 7.1.6 of The Great Suspender; the last version published by the original developer.

If you are looking for alternatives, check out Auto Tab Discard or One Tab.

Source: We no longer recommend the Chrome extension The Great Suspender. Here is why!
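
Both articles turn on an update that added web-request permissions and a remote script host. The sketch below is an added example, not code from either article or from the extension: it diffs two versions of an extension's manifest.json and reports what the update newly requests. The two manifests, the extension name and the host analytics.example are constructed for illustration.

```python
import json
import re

# Permissions that let an extension observe or alter traffic on every site.
HIGH_RISK = {"webRequest", "webRequestBlocking", "cookies", "tabs", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def requested(manifest):
    """Return every API and host permission a manifest declares (MV2 or MV3)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    return perms


def remote_script_hosts(manifest):
    """Hosts an MV2 content_security_policy string allows scripts to load from."""
    csp = manifest.get("content_security_policy", "")
    if not isinstance(csp, str):
        return set()  # MV3 uses an object here and forbids remote script hosts
    m = re.search(r"script-src([^;]*)", csp)
    return set(re.findall(r"https?://[^\s;]+", m.group(1))) if m else set()


def review_update(old, new):
    """Compare two manifest versions and report what the update added."""
    added = requested(new) - requested(old)
    new_hosts = remote_script_hosts(new) - remote_script_hosts(old)
    return {
        "added": sorted(added),
        "high_risk": sorted(added & HIGH_RISK),
        "broad_hosts": sorted(added & BROAD_HOSTS),
        "remote_script_hosts": sorted(new_hosts),
    }


# Constructed manifests for a hypothetical extension (not the real extension's files).
OLD = json.loads("""{"name": "Example Tab Suspender", "version": "1.0.0",
  "manifest_version": 2,
  "permissions": ["tabs", "storage", "contextMenus"],
  "content_security_policy": "script-src 'self'; object-src 'self'"}""")
NEW = json.loads("""{"name": "Example Tab Suspender", "version": "1.1.0",
  "manifest_version": 2,
  "permissions": ["tabs", "storage", "contextMenus", "webRequest", "<all_urls>"],
  "content_security_policy": "script-src 'self' https://analytics.example; object-src 'self'"}""")

if __name__ == "__main__":
    print(json.dumps(review_update(OLD, NEW), indent=2))
```

A later release that drops the remote host but keeps the added permissions still shows them as added relative to the last trusted version, which is the situation the second article describes.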