Chrome extensions add utility to an already extremely useful Google Chrome browser. Unfortunately though, just like any other type of downloadable app or file, we need to be careful when installing them on our devices. We recently covered a fake Chrome extension that masqueraded as a plug-in for a popular Windows app. Today, however, we bring you news of various extensions that are secretly tracking their users’ browser activity.
McAfee cybersecurity researchers have discovered five Google Chrome extensions that when installed in chrome secretly monitor user web activityY. Also, every time the user visits e-commerce websites, secretly add affiliate cookies to make it look like they came to the website through a referral for which the scammer receives a fee.
Unfortunately, as McAfee reportsthese extensions have been downloaded more than 1.4 million times each other and offer a variety of different features, all designed to lure unsuspecting victims. These include allowing multiple users to watch Netflix together, take website screenshots, and take advantage of website coupon savings. The complete list of fake extensions highlighted by McAfee, complete with the number of installs they’ve received and their extension IDs so you can check if you have them installed on your version of Chrome or not they are as follows:
Netflix party with 800,000 installs
mmnbenehknklpbendgmgngeaignppnbe
Netflix Party 2 with 300,000 installs
flijfnhifgdcbhglkneplegafminjnhn
FlipShop Price Tracker Extension with 80,000 installations
adikhbfjdbjkhelbdnffogkobkekkkej
Full page screenshot Screenshot with 200,000 installs
pojgkmkfincpdkdgjepkmdekcahmckjp
Auto buy flash sales with 20,000 installations
gbnahglfafmhaehbdmjedfhdmimjcbed
Unfortunately, this news clearly indicates that you can’t trust a chrome extension simply because it already has a lot of installs. You should perform additional checks to ensure that you will not fall victim to a scam. This means always checking the permissions these apps ask for when you are installing them. If something seems out of place, you should further investigate the extension itself and alternative extensions to see what kind of permissions they are requesting.
In other Chrome cybersecurity news, if you haven’t updated Chrome recently, you probably should now, as Google has been patching some serious security flaws.
