If You’re Using These Browser Extensions Uninstall Them ASAP, They’re Stealing Your Data
Not all browser extensions are used for good. It was recently discovered that several Chrome and Firefox browser extensions were stealing data from individual users and corporations. The data included everything from passwords to genetic information.
Sam Jadali of securitywithsam.com revealed that the following browser extensions were leaking data:
Chrome Extensions
The extensions were rather sneaky and employed a variety of tactics to avoid discovery. Some of the extensions would wait 24 hours after installation to begin siphoning data. The extensions also continued to share data with third parties even after they had been disabled and removed from their marketplaces.
Shared links were the main key to the data leak. For example, many companies will use Zoom or Skype to host virtual meetings. The meeting organizer will send a unique invite link URL to other participants. The extensions allowed third-parties to eavesdrop on private company meetings. Other sites like 23andMe and iCloud also allow users to share information with links. The extensions were therefore able to collect and sell users’ ancestry, DNA, and other biomedical information, iCloud photos, and users’ iCloud account information.
It was also recently revealed that websites were able to track Chrome users who were using Incognito Mode. According to Google, their FileSystem API is disabled in when a user is in Incognito Mode. Websites are able to check for the availability of the FileSystem API and deliver a different experience to the user if the website receives an error message. Google promises that this kind of behavior will not be allowed in Chrome 76.
If you have been affected by this latest leak, you should disable and/or uninstall these extensions, review your account activity, and change your log-in information. Always read the fine print. Unfortunately users need to be wary of extensions that even pop up in reputable and official marketplaces.
Sam Jadali of securitywithsam.com revealed that the following browser extensions were leaking data:
Chrome Extensions
- Branded Surveys
- HoverZoom
- Panel Community Surveys
- PanelMeasurement
- SpeakIt!
- SaveFrom.net Helper
- FairShare Unlock
- SuperZoom
The extensions were rather sneaky and employed a variety of tactics to avoid discovery. Some of the extensions would wait 24 hours after installation to begin siphoning data. The extensions also continued to share data with third parties even after they had been disabled and removed from their marketplaces.
Flow chart from Sam Jadali via securitywithsam.com
Shared links were the main key to the data leak. For example, many companies will use Zoom or Skype to host virtual meetings. The meeting organizer will send a unique invite link URL to other participants. The extensions allowed third-parties to eavesdrop on private company meetings. Other sites like 23andMe and iCloud also allow users to share information with links. The extensions were therefore able to collect and sell users’ ancestry, DNA, and other biomedical information, iCloud photos, and users’ iCloud account information.
It was also recently revealed that websites were able to track Chrome users who were using Incognito Mode. According to Google, their FileSystem API is disabled in when a user is in Incognito Mode. Websites are able to check for the availability of the FileSystem API and deliver a different experience to the user if the website receives an error message. Google promises that this kind of behavior will not be allowed in Chrome 76.
If you have been affected by this latest leak, you should disable and/or uninstall these extensions, review your account activity, and change your log-in information. Always read the fine print. Unfortunately users need to be wary of extensions that even pop up in reputable and official marketplaces.
