Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension

Evernote last month fixed a security flaw in a Google Chrome extension that could have allowed hackers to access information about roughly 4.6 million users, according to new research. Security vendor Guardio announced Wednesday it had discovered a vulnerability in Evernote’s Web Clipper extension for Chrome that could have allowed attackers to bypass the browser’s “same origin policy,” a security protocol meant to limit malicious scripts from spreading. Exploiting the flaw would have allowed attackers to gain privileges outside Evernote’s domain in Chrome — including access to a user’s other web content and services, researchers said. Evernote resolved the flaw within days, Guardio said, and there is no evidence the bug was exploited. Evernote did not respond to a request for comment from CyberScoop. The California company designs note-taking software that syncs and archives user files like lists, file attachments and websites between multiple devices. “Evernote was at the top of the list […]

The post Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension appeared first on CyberScoop.

This tool allows you to check the code powering Chrome extensions

Browser extensions, like any other piece of software, can be abused or manipulated by hackers for malicious purposes. Duo Security wants to make it harder for that to happen. The company on Thursday released a beta version of a tool, CRXcavator, that screens extensions for Google Chrome, the world’s most popular web browser, for malicious code. “As our portal to the internet, browsers represent what is likely the largest common attack surface across consumers and businesses alike,” the Cisco-owned company said in a blog post. Extensions are handy for navigating the web, and some even offer important security features, but they can also allow third parties to access a lot of user data. The new tool takes a stab at that security challenge by letting a user enter a Chrome extension and then returning a risk score for the application based on the permissions it grants on a computer. Tracking the third-party code used by an […]

The post This tool allows you to check the code powering Chrome extensions appeared first on CyberScoop.

Can search extensions keep your searches private?

A lot of search extensions have been marketed over the years claiming to protect online privacy. Are they worth installing? We take a look at what these plugins actually have to offer.

Chrome malware targets cryptocurrency, spreads through Facebook’s Messenger

Researchers with cybersecurity firm Trend Micro have uncovered a malicious extension in Google’s Chrome web browser that uses a multitude of methods to steal and mine cryptocurrency from infected users. The malware, which Trend Micro calls “FacexWorm”, makes its way onto a victim’s browser via social engineering tactics conducted through Facebook Messenger. A target would receive a link leading to a fake YouTube page that would prompt the user to install an extension in order to play the video. Once the extension is installed, it’s programmed to hijack users’ Facebook accounts and spread the link throughout their friends list. FacexWorm appears to be a Swiss Army knife of cryptocurrency-oriented malware. According to Trend Micro, the malicious extension has various capabilities: If an infected user tries to log into Google, MyMonero or Coinhive, FacexWorm will intercept the credentials. When a victim tries to go to a specified set of cryptocurrency trading platforms, […]

The post Chrome malware targets cryptocurrency, spreads through Facebook’s Messenger appeared first on CyberScoop.
