This extension contains malware! (σε Chrome Browser)

[skiabox]

Καλησπέρα στους φίλους insomniacs.

Ξαφνικά το extension 'The Great Suspender' μου έβγαλε αυτό το μύνημα :

Υπάρχει κάποια εναλλακτική λύση μιας και θα το αφαιρέσω τώρα;

Ευχαριστώ.

[naimore]

 

[jim_p]

https://www.insomnia.gr/forums/topic/431306-google-chrome-ερωτήσεις-προβλήματα-και-λύσεις/page/191/?tab=comments#comment-58452727

(copy paste γιατι βαριεμια να γραφω τα ιδια)

[snbblp]

Στις 10/2/2021 στις 4:37 ΜΜ, skiabox είπε

Καλησπέρα στους φίλους insomniacs.

Ξαφνικά το extension 'The Great Suspender' μου έβγαλε αυτό το μύνημα :

Υπάρχει κάποια εναλλακτική λύση μιας και θα το αφαιρέσω τώρα;

Ευχαριστώ.

https://github.com/greatsuspender/thegreatsuspender/issues/1263

 

[jgeorgiou]

Here’s the longer story: The Great Suspender got a new maintainer (formerly Dean Oemcke), and this unknown entity dropped a few silent updates to new builds of the extension allowing it to connect to various third-party servers and execute code. The extension suddenly started asking for new permissions as well, like an all-encompassing ability to mess with your browser’s web requests. As Github’s TheMageKing wrote in November of last year:

“That lets the extension do what it pleases, including inserting ads, blocking sites, forcible redirects.... This change was supposedly in order to enable new screenshot functionality, but that was unclear.”

They continued:

“On November 6th, @lucasdf discovered a smoking gun that the new maintainer is malicious. Although OpenWebAnalytics is a real software, it does not provide the files executed by the extension. Those are hosted on the unrelated site owebanalytics.com, which turns out to be immensely suspicious. That site is one month old, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. However, the site contains no real information other than the tracking scripts, and is only found in the context of this extension. Most importantly, the minified javascript differs significantly from that distributed by the OWA project.”

While there does exist an innocent explanation for this, I can no longer say that it is the most likely. Using the chrome web store version of this extension, without disabling tracking, will execute code from an untrusted third-party on your computer, with the power to modify any and all websites that you see. The fact that disabling tracking still works is irrelevant given the fact that most of the 2 million users of this extension have no idea that that option even exists. The fact that the code is not obvious malware is meaningless in light of the fact that it can be changed without notice, and that it is minified (human-unreadable).”