Ramblings of an old Doc
...(at least)...
Published on August 19, 2017 By DrJBHL In Personal Computing

 

Well, this important because there are a couple of graphics extensions and we all love graphics, right?

According to recent Proofpoint research, eight extensions for the Google Chrome web browser have been compromised by attackers, sending malicious ads to the affected users. In a report, Proofpoint explained that the authors of these extensions had their credentials stolen, allowing the attacker to take over...The attacks occurred primarily in July and August 2017, with the attackers getting the credentials through a phishing scheme, the report said. This means that victims were exposed to malicious popups and potential schemes for stealing their credentials as well...

According to the report, these eight extensions were likely compromised:

  1. Web Developer 0.4.9
  2. Chrometana 1.1.3
  3. Infinity New Tab 3.12.3
  4. CopyFish 2.8.5
  5. Web Paint 1.2.1
  6. Social Fixer 20.1.1
  7. TouchVPN
  8. Betternet VPN" - TechRepublic
Here are your "takeaways":
  1. Attackers have hijacked eight Google Chrome extensions, using them to serve malicious ads and direct users to scam services.
  2. The attack also attempts to steal credentials to hosting services—in this case Cloudflare—so that they'll be able to conduct future attacks.
  3. Users who have any of the affected extensions installed should uninstall them and be careful not to click on any ads that seem suspicious.
Source linked above.

Comments
on Aug 19, 2017

None of the above. Adblock+ is the only extension I use. 

on Aug 19, 2017

Has it's imperfections & very limited extension availability, but I'm liking Brave more & more as time goes by, at least as a 'home' browser.  FWIW.  Chrome being the big magilla, it's drawing the Willy Suttons.

on Aug 19, 2017

Not using any of those in my Chrome luckily.   

on Aug 19, 2017

lol......when will people learn?     

ALL extensions (by the nature of their being 'extensions') have the capacity to make a default (any default) browser vulnerable.  I personally have never (and won't) used an extension for a browser ever.  Then again I have also never used anything other than IE......ever.

 

As always, thanks DOC for sounding the alarm and posting the pertinent details.    

on Aug 19, 2017

You do shit the right (secure) way, Monk.  We'd all be better off if we followed your advice.

But...

If browser developers would take a look at popular (and highly useful) extensions and just build the functionality into the browser itself, would be nice.  I realize that's a long road to go down, but just sayin.

on Aug 20, 2017

Daiwa

If browser developers would take a look at popular (and highly useful) extensions and just build the functionality into the browser itself, would be nice. I realize that's a long road to go down, but just sayin.

 

Agreed, and I have to say IE 10 EDGE has impressed (me at least) with the built-in/baked-in functionality it brings to the table.  It probably doesn't mean anything to those here using many browser add-ins/ons in their browser of choice at the moment but for me IE 10 EDGE has what I need/use and more.

 

*** POST EDITED FOR CORRECTIONS ***

on Aug 20, 2017

the_Monk

Agreed, and I have to say IE 10 has impressed (me at least) with the built-in/baked-in functionality it brings to the table.  It probably doesn't mean anything to those here using many browser add-ins/ons in their browser of choice at the moment but for me IE 10 has what I need/use and more.

Do you have specific criticisms of IE11?  Or Edge?  Just curious (aside from your statement) why you've stayed with IE10.  Thx.

on Aug 20, 2017

Daiwa

Do you have specific criticisms of IE11? Or Edge? Just curious (aside from your statement) why you've stayed with IE10. Thx.

 

My apologies......  I was speaking to someone on the phone at the time I was posting my response and even though it is technically 'edge' my brain still sees it as IE.   I meant EDGE (or as my brain sees it "IE for Windows 10")   I apologize for all the confusion.

I will also edit my post above to prevent any further confusion.

Thanks Daiwa for drawing my attention to this.