If you’ve installed any of these extensions, manually remove them stat.
Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported they were surreptitiously tracking users’ browsing history and inserting tracking code into specific ecommerce sites they visited.
The five extensions flagged by McAfee purport to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, company researchers said, the extensions kept a running list of each site a user visited and took additional actions when users landed on specific sites.
To help keep the activity covert, some of the extensions were programmed to wait 15 days after installation before beginning the data collection and code injection. The extensions McAfee identified are:
|Netflix Party 2||flijfnhifgdcbhglkneplegafminjnhn||300,000|
|FlipShope – Price Tracker Extension||adikhbfjdbjkhelbdnffogkobkekkkej||80,000|
|Full Page Screenshot Capture – Screenshotting||pojgkmkfincpdkdgjepkmdekcahmckjp||200,000|
|AutoBuy Flash Sales||gbnahglfafmhaehbdmjedfhdmimjcbed||20,000|
As of early September, all five extensions have been removed from the Chrome Web Store, a Google spokesperson said. Removing the extensions from its servers isn’t the same as uninstalling the extensions from the 1.4 million infected devices. People who have installed the extensions should manually inspect their browsers and ensure they no longer run.
Source: Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica