Chrome extensions with 1.4 million installs secretly track visits and enter codes

Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported that they were surreptitiously tracking users’ browsing history. and insert tracking codes into the specific e-commerce websites they visited.

Five extensions flagged by McAfee purportedly provides various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, the extensions keep an active list of each website a user has visited, and take additional actions when a user visits the site, the company’s researchers say. specific websites.

The extensions sent the name of each website visited to the d.langhort.com website specified by the developer, along with a unique identifier and the accessing device’s country, city, and zip code. access. If the visited site matches the list of e-commerce sites, the developer’s domain instructs the extensions to insert JavaScript into the visited page. The code modified the cookies for the site so that extension authors received affiliate payments for any items purchased.

To help maintain operational secrecy, some extensions have been programmed to wait 15 days after installation before starting to collect data and insert code. The extensions that McAfee has identified are:

As of Wednesday, all five extensions have been removed from the Chrome Web Store, a Google spokesperson said. Removing the extension from its servers is not the same as uninstalling the extension from the 1.4 million infected devices. Those who have installed extensions should check their browsers manually and make sure they are no longer running.