Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday January 28 2020, @02:19PM   Printer-friendly
from the batten-down-the-hatches dept.

Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox:

[...] Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions.

Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation. This group also includes things such as ad blockers and security scanning.

[...] While extensions are useful, they can also introduce danger. In addition to intentionally malicious browser extensions that compromise users, legitimate offerings are also common targets for cybercriminals who look to exploit vulnerabilities in their code.

[...] In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component – those that are paid for, offer in-browser transactions and those that offer subscription services. It's a temporary measure, according to the internet giant – but one that doesn't yet have a timeline for resolution.

"Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," it said in a notice, issued Friday. "Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse."

The notice added, "We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment. Apologies for the inconvenience."

[...] Mozilla meanwhile has taken a more case-by-case tack, disabling 197 Firefox add-ons in total for a range of improper activity. This includes remote code-execution and harvesting user data. The add-ons have not only been removed from the official Mozilla Add-on (AMO) portal, but have been disabled in the browsers of existing installs.

[...] That's not to say the extensions were intentionally malicious. Mozilla's policy is that extensions that dynamically fetch code from elsewhere, legitimate or otherwise, are in violation of its content security policy.

The blocked extensions include six add-ons deemed to be executing remote code, which were developed by Tamo Junto Caixa. Tamo Junto is a banking entity that offers Brazilian microentrepreneurs online courses, video classes, articles and management tools.

Other browser extensions, like Rolimons Plus (an extension linked to the Roblox online multiplayer video game), was blocked for "collecting ancillary user data against our policies," while others (unnamed in the bug ticket) were banned for "showing malicious behavior on third-party websites." Still others, including three unnamed add-ons, were determined to be "fake premium products."

We just need an add-on to tell if you have any 'bad' add-ons.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Funny) by Anonymous Coward on Tuesday January 28 2020, @04:58PM

    by Anonymous Coward on Tuesday January 28 2020, @04:58PM (#950129)

    I suppose you'd be ok with vimscript though?

    Starting Score:    0  points
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  

    Total Score:   2