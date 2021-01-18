from the problem-and-solution dept.
A new breed of malicious Mozilla Firefox and Google Chrome extensions uses techniques to make their removal much more difficult.
Malwarebytes revealed in a blog post how these extensions block user access to the add-on management page of the browser and therefore removal from within the browser.
The Chrome extension Tiempo en colombia en vivo was available on the official Chrome Web Store but was distributed mostly on third-party websites.
The browser extension monitors open tabs while it runs. If the user opens chrome://extensions/, it will redirect the request to chrome://apps/?r=extensions automatically. This is done so that the user cannot remove the extension as it is not listed on the apps page.
The Firefox add-on FF Helper Protection shows similar traits. It monitors open tabs for the string about:addons to close the tab automatically if it is found.
Both extensions have in common that they prevent users from accessing the add-on management interface of the browser.
The article includes detailed instructions on how to remove the malicious Mozilla Firefox and Google Chrome extensions.
(Score: 3, Interesting) by Bot on Monday January 22, @12:18PM
i guess having the extensions page load with disabled extensions is a quick fix, the only prob being accessibility extensions that could be actually useful there
(Score: 1, Interesting) by Anonymous Coward on Monday January 22, @01:11PM (5 children)
All of this wouldn't matter if extensions were manually reviewed. Too bad Google never did this, relying on inaccurate heuristics (if we believe them, they probably don't even have that in reality) and Mozule decided to abandon because the Google cargocultists demanded it as part of their ongoing chromonification.
(Score: 2) by Pino P on Monday January 22, @02:50PM (3 children)
Who would pay for the review of each extension? If Google, then where would Google get the money? Even if ad revenue from Search is enough to keep Search, Chromium, and the present Chrome Web Store alive, it might not be enough to fund the manual review that you recommend.
Or would you prefer a situation more like that of the iOS App Store, where your favorite legitimate extension would be removed from Chrome Web Store because their developers could no longer afford the $99 per year fee to continue to publish an extension that brings in no direct revenue?
(Score: 3, Informative) by Grishnakh on Monday January 22, @03:04PM (1 child)
Well, Google already funds and produces the Chrome browser for free, so obviously they're getting some very significant business benefit from making what is now the world's most popular browser. The same benefit should pay for doing some better review of apps on the Chrome store.
(Score: 2) by Pino P on Monday January 22, @07:15PM
My hypothesis is that though this "very significant business benefit" exists, it isn't large enough to justify spending money on clearing out the inevitable backlog that a change from automatic to manual review would entail without some additional revenue source.
(Score: 1, Touché) by Anonymous Coward on Monday January 22, @09:04PM
"How would a multi-fucktillion dollar business fund something"
Yeah, I wonder.
(Score: 2) by Arik on Monday January 22, @04:36PM
Naïve and wrong.
Manual review is an obvious step to take, but it's no cure-all.
"Unix? These savages aren't even circumcised!"
(Score: 4, Touché) by J_Darnley on Monday January 22, @01:19PM (3 children)
What? Didn't Mozilla nuke all their old extensions because they were "unsafe" and would let you use the browser in a manner not sanctioned by them? I thought the new, great, newest feature clone of Chrome was supposed to be the safest thing ever by letting you do nothing with the browser.
(Score: 1) by higuita on Monday January 22, @05:05PM
yes, and when installing, you are asked a list of permissions that the addon can do... that list need to be more friendly, but the user is allowing the add-on to mess with the browser
also, permitting the access to the add-on is probably a bug... it may be a regular internal page, but it should be excluded from the add-on exactly because of this.
In the past, you had no way to block this, but now you/mozilla can change the code and block this without breaking other add-ons
(Score: 0) by Anonymous Coward on Monday January 22, @06:35PM (1 child)
The new extensions are actually safer but not perfect. The old Firefox way gave access to everything. The sandbox control is finer grained in the new system. The extensions system has long been a mess. Extensions often are to fix the flaws with the browser itself like making it easy to block javascript and manage this, things that the browser should be doing, and fix idiotic UI design that the browser should fix itself.
WebExtensions extensions do things which are useful, they are able to implement functionality
(Score: 0) by Anonymous Coward on Monday January 22, @07:18PM
And yet we have not seen extensions pull this with the XUL system, for whatever reason.
Never mind that this would probably not be a problem if Firefox had treated addon management as a window and not a web page.
(Score: 0) by Anonymous Coward on Monday January 22, @02:30PM
The first time I needed to find some settings in Firefox I actually had to search for it online before I found that stupid about page. In the old days, I would just click somewhere at the top of the browser and some helpful menu would show up where I could find everything I needed. Seems they recovered from that mistake as its now at least loadable from the menus again.
