It goes without saying that Google Chrome is one of the most popular web browsers in the world right now. One thing that makes it stand out from the million browsers out there are Google Chrome extensions. With the usage of extensions, the possibilities for Chrome users are endless. However, with great power, comes great responsibility, and some of these extensions may have recently taken that for granted.
McAfee, the hyper-popular security company, has recently reported something that poses a grave danger to your digital privacy. As per the report, some Google Chrome extensions are using cookies to track your activity. Following the research from McAfee, we present five such Google Chrome extensions. You should avoid these if you want to browse safely and securely.
What are these Google Chrome Extensions?
According to a study by McAfee on their official website, 5 Google Chrome extensions are listed as accessible on the Chrome Web Store. However, the report claims that these extensions were created by Google and have had a total of 1.4 million downloads.
These subjected extensions include:
It is a browser add-on for having cinematic sessions with anyone while watching Television remotely. Your favourite streaming services get group chat and video playback synchronisation.
Netflix Party 2
Another extension of the same Netflix Party.
FlipShope – Price Tracker
It has online shopping features, including Auto Apply Coupon, Flash Sale Auto Buy, Deals, and Price Watch. It automatically locates and uses coupons with only one click. Includes Auto Buy, Price Graph, Compare, and many more features.
Full Page Screenshot Capture
It consistently and completely captures a snapshot of your current website without demanding any further permissions!
After the extension has finished capturing the entire page, it is transferred to a new tab of your screenshot, where you may either drag it to your desktop or save it as an image or PDF.
AutoBuy Flash Sales
It enables the purchase of phones during flash sales, like the Redmi Note 11T 5G, Sony PS5, Infinix Note 11, and many more.
It aids in Buying New Products in Flash Sales. With FlashSale AutoBuy, it only takes seconds. Support has been added for auto buying the Redmi 10A on Amazon, the Infinix Note 11 on Flipkart, the PS5 on Amazon and Flipkart, and more.
According to the McAfee analysis, all five extensions share similar problems:
- They have malware that communicates the URL of the page and inserts code into e-commerce websites. Subsequently, every time a user accesses a website, the virus sends the URL of the current page to a remote server.
- Several Chrome extensions inject affiliate links utilising delayed techniques to avoid being discovered too soon. The installation of the extension typically takes around 15 days.
- This is vital information to remember: If you have installed any of the extensions above on your device, you are undoubtedly one of the 1.4 million victims. In short, we advise you to remove the extensions right away.
Here’s McAfee’s official statement regarding this matter:
How do these harmful extensions work?
Every extension monitors the browser for page changes. It transmits the URL of the newly visited page to an outlying server to see whether an affiliate revenue code may be infiltrated. Numerous websites include affiliate codes in their connections to shopping portals, which occasionally brings in a tiny money share.
However, most problematic extensions have nothing to do with buying anything and injecting code into every conceivable page. Additionally, McAfee discovered proof that some of the extensions delay inserting affiliate code for 15 days after installation, most likely to prevent being found at first.
Google’s Steps against these
With the latest Manifest V3 standard, Google is attempting to combat harmful extensions. People have better command over what site extensions may access using Manifest V3 compared to the earlier Manifest V2 technology.
Manifest V3 prohibits remotely hosted code, which would stop some (but not all) of the McAfee-reported behaviour.
Over 800,000 people were using the most prevalent Netflix Party extension. Although, now it has been taken down from the Chrome Web Store. The remaining ones are still active, and the Store still lists “Full Page Screenshot Capture” as a “Featured” item.
We advise you to uninstall any of such extensions if you haven’t already.