![]() These were only the ones that Palant found in a sample of approximately 1,000 extensions. These include Autoskip for Youtube, Crystal Ad block, Brisk VPN, Clipboard Helper, Maxi Refresher, Quick Translation, Easyview Reader view, Zoom Plus, Base Image Downloader, Clickish fun cursors, Maximum Color Changer for Youtube, Readl Reader mode, Image download center, Font Customizer, Easy Undo Closed Tabs, OneCleaner, and Repeat button, though it is likely that there are other infected extensions. However yesterday, he disclosed 17 more browser extensions that use the same trick to download and run a JavaScript file. Palant had no way of confirming what the malicious code in PDF Toolbox did when he first discovered it. (It is still available there at the time of writing, despite Palant lodging a report about its malicious code.) By making the malicious code resemble a legitimate API call, obfuscating it so that it’s hard to follow, and delaying the malicious call for 24 hours, PDF Toolbox has been able to avoid being removed from the Chrome Web Store by Google since it was last updated in January 2022. While PDF Toolbox seemingly can do all the PDF tasks it claims to be able to, it also downloads and runs a JavaScript file from an external website which could contain code to do almost anything, including capture everything you type into your browser, redirect you to fake websites, and take control of what you see on the web. Without this feature, it would not be able to pseudo-legitimately access your browser to the same extent. In order to download PDFs from tabs that aren’t currently active, PDF Toolbox has to be able to access every web page you currently have open. Google requires extension developers to only use the minimum permissions necessary. It’s that last feature that leaves PDF Toolbox open for bad intentions. ![]() The extension purports to be a basic PDF processor that can do things like convert other documents to PDF, merge two PDFs into one, and download PDFs from open tabs. Unfortunately, because Chrome extensions are so powerful and can have a lot of control over your browsing experience, they are a popular target for hackers and other bad actors.Įarlier this month, independent security researcher Wladimir Palant discovered code in a browser extension called PDF Toolbox that allows it to inject malicious JavaScript code into any website you visit. The tasks that this customizable feature can do are wide-ranging, but some popular extensions can auto-fill your password, block ads, enable one-click access to your todo list, or change how a social media site looks. It’s yet more evidence that Chrome extensions need to be evaluated with a critical eye.Ĭhrome extensions are apps built on top of Google Chrome that allow you to add extra features to your browser. Combined, the extensions have over 57 million active users. ![]() It was originally published on June 1, 2023.Īn independent security researcher has found malicious code in 18 Chrome extensions currently available in the Chrome Web Store. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |