A new breed of malicious Mozilla Firefox and Google Chrome extensions uses techniques to make their removal much more difficult.
Malwarebytes revealed in a blog post how these extensions block user access to the add-on management page of the browser and therefore removal from within the browser.
The Chrome extension Tiempo en colombia en vivo was available on the official Chrome Web Store but was distributed mostly on third-party websites.
The browser extension monitors open tabs while it runs. If the user opens chrome://extensions/, it will redirect the request to chrome://apps/?r=extensions automatically. This is done so that the user cannot remove the extension as it is not listed on the apps page.
The Firefox add-on FF Helper Protection shows similar traits. It monitors open tabs for the string about:addons to close the tab automatically if it is found.
Both extensions have in common that they prevent users from accessing the add-on management interface of the browser.
The article includes detailed instructions on how to remove the malicious Mozilla Firefox and Google Chrome extensions.
(Score: 4, Touché) by J_Darnley on Monday January 22 2018, @01:19PM (3 children)
What? Didn't Mozilla nuke all their old extensions because they were "unsafe" and would let you use the browser in a manner not sanctioned by them? I thought the new, great, newest feature clone of Chrome was supposed to be the safest thing ever by letting you do nothing with the browser.
(Score: 1) by higuita on Monday January 22 2018, @05:05PM
yes, and when installing, you are asked a list of permissions that the addon can do... that list need to be more friendly, but the user is allowing the add-on to mess with the browser
also, permitting the access to the add-on is probably a bug... it may be a regular internal page, but it should be excluded from the add-on exactly because of this.
In the past, you had no way to block this, but now you/mozilla can change the code and block this without breaking other add-ons
(Score: 1, Insightful) by Anonymous Coward on Monday January 22 2018, @06:35PM (1 child)
The new extensions are actually safer but not perfect. The old Firefox way gave access to everything. The sandbox control is finer grained in the new system. The extensions system has long been a mess. Extensions often are to fix the flaws with the browser itself like making it easy to block javascript and manage this, things that the browser should be doing, and fix idiotic UI design that the browser should fix itself.
WebExtensions extensions do things which are useful, they are able to implement functionality
(Score: 0) by Anonymous Coward on Monday January 22 2018, @07:18PM
And yet we have not seen extensions pull this with the XUL system, for whatever reason.
Never mind that this would probably not be a problem if Firefox had treated addon management as a window and not a web page.