• progress_activity cloud_sync

    Reconnection to the server…

    Movim cannot talk with the server, please try again later


    • Public subscriptions

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

  • Register Login

    Movim

    movim.chatterboxtown.us


  • group_work rss_feed
    add Follow

    ArsTechnica

    • Ar chevron_right

      Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

      news.movim.eu / ArsTechnica • 11 April 2025 • 1 minute

    Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed it and that the developer has taken pains to carefully conceal.

    The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs, and execute scripts. In more detail, the permissions are:

    • Tabs: manage and interact with browser windows
    • Cookies: set and access stored browser cookies based on cookie or domain names (ex., "Authorization" or "all cookies for GitHub.com")
    • WebRequest: intercept and modify web requests the browser makes
    • Storage: ability to store small amounts of information persistently in the browser (these extensions store their command & control configuration here)
    • Scripting: the ability to inject new JavaScript into web pages and manipulate the DOM
    • Alarms: an internal messaging service to trigger events. The extension uses this to trigger events like a cron job as it can allow for scheduling the heartbeat callbacks by the extension
    • <all_urls>: This works in tandem with other permissions like webRequest, but allows for the extension to be functionally interact all browsing activity (completely unnecessary for an extension that should just look at your installed extensions

    These sorts of permissions give extensions the ability to do all sorts of potentially abusive things and, as such, should be judiciously granted only to trusted extensions that can’t perform core functions without them.

    Read full article

    Comments

    • tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions

    • Pictures 3 image

    • visibility
    • visibility
    • visibility
    • Ar chevron_right

      Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

      news.movim.eu / ArsTechnica • 11 April 2025 • 1 minute

    Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed it and that the developer has taken pains to carefully conceal.

    The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs, and execute scripts. In more detail, the permissions are:

    • Tabs: manage and interact with browser windows
    • Cookies: set and access stored browser cookies based on cookie or domain names (ex., "Authorization" or "all cookies for GitHub.com")
    • WebRequest: intercept and modify web requests the browser makes
    • Storage: ability to store small amounts of information persistently in the browser (these extensions store their command & control configuration here)
    • Scripting: the ability to inject new JavaScript into web pages and manipulate the DOM
    • Alarms: an internal messaging service to trigger events. The extension uses this to trigger events like a cron job as it can allow for scheduling the heartbeat callbacks by the extension
    • <all_urls>: This works in tandem with other permissions like webRequest, but allows for the extension to be functionally interact all browsing activity (completely unnecessary for an extension that should just look at your installed extensions

    These sorts of permissions give extensions the ability to do all sorts of potentially abusive things and, as such, should be judiciously granted only to trusted extensions that can’t perform core functions without them.

    Read full article

    Comments

    • tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions

    • Pictures 3 image

    • visibility
    • visibility
    • visibility
    • Ar chevron_right

      Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

      news.movim.eu / ArsTechnica • 11 April 2025 • 1 minute

    Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed it and that the developer has taken pains to carefully conceal.

    The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs, and execute scripts. In more detail, the permissions are:

    • Tabs: manage and interact with browser windows
    • Cookies: set and access stored browser cookies based on cookie or domain names (ex., "Authorization" or "all cookies for GitHub.com")
    • WebRequest: intercept and modify web requests the browser makes
    • Storage: ability to store small amounts of information persistently in the browser (these extensions store their command & control configuration here)
    • Scripting: the ability to inject new JavaScript into web pages and manipulate the DOM
    • Alarms: an internal messaging service to trigger events. The extension uses this to trigger events like a cron job as it can allow for scheduling the heartbeat callbacks by the extension
    • <all_urls>: This works in tandem with other permissions like webRequest, but allows for the extension to be functionally interact all browsing activity (completely unnecessary for an extension that should just look at your installed extensions

    These sorts of permissions give extensions the ability to do all sorts of potentially abusive things and, as such, should be judiciously granted only to trusted extensions that can’t perform core functions without them.

    Read full article

    Comments

    • tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions tagbiz & it tagbiz & it tagbiz & it taggoogle taggoogle taggoogle tagsecurity tagsecurity tagsecurity tagchrome tagchrome tagchrome tagchrome web store tagchrome web store tagchrome web store tagextensions tagextensions tagextensions

    • Pictures 3 image

    • visibility
    • visibility
    • visibility
  • cloud_queue

    Powered by Movim