Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox:
[...] Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions.
Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation. This group also includes things such as ad blockers and security scanning.
[...] While extensions are useful, they can also introduce danger. In addition to intentionally malicious browser extensions that compromise users, legitimate offerings are also common targets for cybercriminals who look to exploit vulnerabilities in their code.
[...] In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component – those that are paid for, offer in-browser transactions and those that offer subscription services. It's a temporary measure, according to the internet giant – but one that doesn't yet have a timeline for resolution.
"Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," it said in a notice, issued Friday. "Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse."
The notice added, "We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment. Apologies for the inconvenience."
[...] Mozilla meanwhile has taken a more case-by-case tack, disabling 197 Firefox add-ons in total for a range of improper activity. This includes remote code-execution and harvesting user data. The add-ons have not only been removed from the official Mozilla Add-on (AMO) portal, but have been disabled in the browsers of existing installs.
[...] That's not to say the extensions were intentionally malicious. Mozilla's policy is that extensions that dynamically fetch code from elsewhere, legitimate or otherwise, are in violation of its content security policy.
The blocked extensions include six add-ons deemed to be executing remote code, which were developed by Tamo Junto Caixa. Tamo Junto is a banking entity that offers Brazilian microentrepreneurs online courses, video classes, articles and management tools.
Other browser extensions, like Rolimons Plus (an extension linked to the Roblox online multiplayer video game), was blocked for "collecting ancillary user data against our policies," while others (unnamed in the bug ticket) were banned for "showing malicious behavior on third-party websites." Still others, including three unnamed add-ons, were determined to be "fake premium products."
We just need an add-on to tell if you have any 'bad' add-ons.
(Score: 1, Disagree) by Anonymous Coward on Tuesday January 28 2020, @02:52PM (14 children)
its just not worth it.
(Score: 5, Insightful) by ikanreed on Tuesday January 28 2020, @02:54PM (1 child)
What kind of non adblock using psychopath would say such a thing?
(Score: 5, Insightful) by takyon on Tuesday January 28 2020, @03:01PM
A Lynx user.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Arik on Tuesday January 28 2020, @02:58PM (11 children)
Browser makers used to be happy to make a useful tool. Now they seem to be dead-set on controlling users instead.
If they really cared about protecting people, they certainly wouldn't allow ecmascript by default.
If laughter is the best medicine, who are the best doctors?
(Score: 4, Touché) by FatPhil on Tuesday January 28 2020, @03:03PM (8 children)
Wait, waaaaat?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Bot on Tuesday January 28 2020, @03:07PM (1 child)
Went to comment about the same thing, not disappointed.
Account abandoned.
(Score: 2) by FatPhil on Wednesday January 29 2020, @07:42PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Insightful) by Arik on Tuesday January 28 2020, @03:11PM (5 children)
They don't. They want us to trust them to judge which extensions are malicious when they've proven they don't have that kind of judgement in regards to their core code?
Well, maybe they don't. Maybe they just want to make the web so bad that people will willingly give it up, and then they can move in and save everyone by reinventing TV over IP to replace it.
If laughter is the best medicine, who are the best doctors?
(Score: 1, Interesting) by Anonymous Coward on Tuesday January 28 2020, @06:13PM (3 children)
I gave up on it a long time ago. Cool sideeffect of the webappification is that I now have all the neat remote JSON APIs I can use to pull all the data neccesary to get the content into my own UI. I don't really need their webapp.
(Score: 3, Interesting) by Arik on Tuesday January 28 2020, @07:25PM (2 children)
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Wednesday January 29 2020, @04:20PM
Yea, but it's per site so it would need some sort of generic interface which I don't have. Most of the sites wouldn't be of interest to other people, but yes I get your point and I will keep it in mind to make stuff usable for others.
Meanwhile there are projects doing something similar (Weboob [weboob.org]) and has a more modular approach than I (mine is C spaghetti code).
Also Nitter and Invidious makes it nicer to read two crappy bigtech websites.
(Score: 2) by FatPhil on Wednesday January 29 2020, @07:45PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday January 28 2020, @10:41PM
Try loading a plugin locally on Chrome these days. Pain in the ass.
If I want to download someone's extension from their website to load into the web browser on my computer then that is my business.
Adding a virus scanner (?) was going too far.
Dictating what software I can use is worse.
(Score: 2, Funny) by Anonymous Coward on Tuesday January 28 2020, @04:58PM
I suppose you'd be ok with vimscript though?
(Score: 0) by Anonymous Coward on Tuesday January 28 2020, @07:06PM
Nope. They're dead-set on a successful fishing expedition.
(Score: 5, Funny) by DannyB on Tuesday January 28 2020, @03:25PM
I'm good as long as I can still run systemd in my browser under a JS implementation of a PC emulator booting Linux.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2, Insightful) by Anonymous Coward on Tuesday January 28 2020, @06:07PM
Too bad I still need an extension to enforce that policy on websites.
(Score: 0) by Anonymous Coward on Wednesday January 29 2020, @11:48AM (1 child)
I hope they plan on blocking the new extension Microsoft is rolling out to Office 365 users, that hijacks your search engine settings to send you to bing.
(Score: 0) by Anonymous Coward on Wednesday February 05 2020, @10:13PM
We're still taking bets that MS will be taken to the cleaners, again, for this. Wait and see.