{"id":489027,"date":"2022-08-30T23:22:04","date_gmt":"2022-08-30T20:22:04","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/these-5-popular-chrome-extensions-are-malware-delete-them-now\/"},"modified":"2022-08-30T23:22:04","modified_gmt":"2022-08-30T20:22:04","slug":"these-5-popular-chrome-extensions-are-malware-delete-them-now","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/these-5-popular-chrome-extensions-are-malware-delete-them-now\/","title":{"rendered":"#These 5 Popular Chrome Extensions Are Malware: Delete Them Now"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2a88fc5e31f\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2a88fc5e31f\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/these-5-popular-chrome-extensions-are-malware-delete-them-now\/#%E2%80%9CThese_5_Popular_Chrome_Extensions_Are_Malware_Delete_Them_Now%E2%80%9D\" >&#8220;These 5 Popular Chrome Extensions Are Malware: Delete Them Now&#8221;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CThese_5_Popular_Chrome_Extensions_Are_Malware_Delete_Them_Now%E2%80%9D\"><\/span>&#8220;These 5 Popular Chrome Extensions Are Malware: Delete Them Now&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-748776\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/12\/google-chrome-logo-on-a-blue-background.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Google Chrome logo on a blue background\" width=\"1200\" height=\"675\"\/><\/p>\n<p>Google Chrome extensions can super-charge your browsing experience with more features, but there have been many malicious extensions over the years. Five more bad extensions have been discovered, thanks to a recent security report.<\/p>\n<p>McAfee published a report on Monday detailing five malicious browser extensions available on the Chrome Web Store, including two \u201cNetflix Party\u201d extensions, \u201cFlipShope \u2014 Price Tracker Extension,\u201d \u201cFull Page Screenshot Capture \u2014 Screenshotting,\u201d and \u201cAutoBuy Flash Sales.\u201d Each of them had more than 20,000 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">download<\/a>s, with over 1,400,000 downloads combined.<\/p>\n<figure style=\"width: 1064px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-829643\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/08\/Clipboard-Aug-30-2022-at-3.59-PM.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Chrome Web Store listing for Full Page image Capture - imageting\" width=\"1064\" height=\"220\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\">One of the malicious extensions, which is also featured by Google.<\/figcaption><\/figure>\n<p>Each extension listens for page changes in the browser, and each time the user navigates to a new page, the extension sends the page URL to a remote server to check if affiliate revenue code can be injected. Many sites (including <em>How-To Geek<\/em>) include affiliate code in links to shopping websites, which sometimes provides them with a small cut of revenue. However, most of the offending extensions are not related to buying items at all, and they are injecting the code for <em>all<\/em> possible pages. McAfee also found evidence that some of the extensions wait 15 days after they are installed to start injecting affiliate code, presumably to avoid initial detection.<\/p>\n<p>Google has been working to crack down on malicious extensions with the new <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/intro\/\">Manifest V3<\/a> standard. Compared to the older Manifest V2 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> (which at least one of the extensions is using), Manifest V3 gives people more control over what pages extensions can access. Manifest V3 also <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/intro\/mv3-overview\/#remotely-hosted-code\">blocks remotely hosted code<\/a>, which would prevent some (but not all) of the behavior reported by McAfee.<\/p>\n<p>The most popular Netflix Party extension, which had over 800,000 users, has since been removed from the Chrome Web Store. The rest of them are still live, and \u201cFull Page Screenshot Capture\u201d still has a \u201cFeatured\u201d label on the Store. If you have any of them installed, be sure to remove them. <em>How-To Geek<\/em> has reached out to Google for comment, and we will update this article when (or if) we get a response.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.anrdoezrs.net\/links\/3607085\/type\/am\/sid\/829611-xid-{xid}\/https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users\/&amp;___trxnet=cj\">McAfee<\/a><br \/>Via: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chrome-extensions-with-14-million-installs-steal-browsing-data\/\">Bleeping Computer<\/a><\/small><\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/829611\/these-5-popular-chrome-extensions-are-malware-delete-them-now\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;These 5 Popular Chrome Extensions Are Malware: Delete Them Now&#8221; Google Chrome extensions can super-charge your browsing experience with more features, but there have been many malicious extensions over the years. Five more bad extensions have been discovered, thanks to a recent security report. McAfee published a report on Monday detailing five malicious browser extensions&#8230;<\/p>\n","protected":false},"author":1,"featured_media":489028,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2020\/12\/google-chrome-logo-on-a-blue-background.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-489027","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/489027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=489027"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/489027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/489028"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=489027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=489027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=489027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}