Popular Google Chrome extensions might’ve been spying on us
A total of 70 Google Chrome extensions have been found to be stealing private data from their users.
Chrome is by far the most popular web browser in the world, although if its millions of users knew how little privacy it offers, it surely wouldn’t cost them much to make the switch and start using another one.
Even if you don’t care much about your online privacy , you’ll be concerned to know that some Google Chrome extensions have just been discovered to have been spying on their users and have even stolen and sent personal information such as passwords to the creators of the extensions.
As reported from Reuters , that has been due to the presence of malware discovered by Awake Security, which in turn has reported this to Google. That has caused a total of 70 extensions to be removed from the Chrome store, although the names have not been released.
These extensions had been downloaded up to 32 million times, as they promised very attractive services: offering protection to their users from dangerous web pages or, also, converting files into other formats.
Unfortunately, antivirus software seems to have been unable to detect these extensions as malware . This is due to their very convoluted way of working by using some 15,000 different websites bought by hackers linked to each other.
This is not the first time throughout this year that Google Chrome has presented a security problem of this type. In February, something similar happened with 71 extensions publishing private browsing data. In the end, 500 extensions were removed from the store.
When Reuters questioned Google about how its system had failed to detect this spyware , the company declined to speak about it. Spokesman Scott Westover did explain his process when they detect such addons.
“When we are alerted that some extensions to the Web Store are contrary to our policy, we take action and use these incidents to learn and improve in our automatic and manual analyzes,” Westover told Reuters.
He also added that they sweep to find extensions that are using similar techniques, code, or behavior. Clearly, these sweeps are not entirely effective and it ends up being the responsibility of the users to be vigilant.
From Tech today world, we recommend installing an extension only if it is strictly necessary and, even on these occasions, it is advisable to investigate and make sure that they are safe to use. Once you don’t need it anymore, you should remove it from Chrome.
If you have never checked the extensions you have installed, go to the settings by copying and pasting chrome: // extensions in the search bar. You can also click on the three dots, followed by ‘More tools’ and ‘Extensions’. Delete all those that you no longer need or use.
In addition to this, we recommend that you install some security software to protect your devices. Another option is to directly use another web browser.