Browsers


Time to check if you ran any of these 33 malicious Chrome extensions

Screenshot showing the phishing email sent to Cyberhaven extension developers. Credit: Amit Assaraf

A link in the email led to a Google consent screen requesting access permission for an OAuth application named Privacy Policy Extension. A Cyberhaven developer granted the permission and, in the process, unknowingly gave the attacker the ability to upload new versions of Cyberhaven’s Chrome extension to the Chrome Web Store. The attacker then used the permission to push out the malicious version 24.10.4.

Screenshot showing the Google permission request. Credit: Amit Assaraf

As word of the attack spread in the early hours of December 25, developers and researchers discovered that other extensions were targeted, in many cases successfully, by the same spear phishing campaign. John Tuckner, founder of Secure Annex, a browser extension analysis and management firm, said that as of Thursday afternoon, he knew of 19 other Chrome extensions that were similarly compromised. In every case, the attacker used spear phishing to push a new malicious version and custom, look-alike domains to issue payloads and receive authentication credentials. Collectively, the 20 extensions had 1.46 million downloads.

“For many I talk to, managing browser extensions can be a lower priority item in their security program,” Tuckner wrote in an email. “Folks know they can present a threat, but rarely are teams taking action on them. We’ve often seen in security [that] one or two incidents can cause a reevaluation of an organization’s security posture. Incidents like this often result in teams scrambling to find a way to gain visibility and understanding of impact to their organizations.”

The earliest compromise occurred in May 2024. Tuckner provided the following spreadsheet:

| Name | ID | Version | Patch | Available | Users | Start | End |
|---|---|---|---|---|---|---|---|
| VPNCity | nnpnnpemnckcfdebeekibpiijlicmpom | 2.0.1 | | FALSE | 10,000 | 12/12/24 | 12/31/24 |
| Parrot Talks | kkodiihpgodmdankclfibbiphjkfdenh | 1.16.2 | | TRUE | 40,000 | 12/25/24 | 12/31/24 |
| Uvoice | oaikpkmjciadfpddlpjjdapglcihgdle | 1.0.12 | | TRUE | 40,000 | 12/26/24 | 12/31/24 |
| Internxt VPN | dpggmcodlahmljkhlmpgpdcffdaoccni | 1.1.1 | 1.2.0 | TRUE | 10,000 | 12/25/24 | 12/29/24 |
| Bookmark Favicon Changer | acmfnomgphggonodopogfbmkneepfgnh | 4.00 | | TRUE | 40,000 | 12/25/24 | 12/31/24 |
| Castorus | mnhffkhmpnefgklngfmlndmkimimbphc | 4.40 | 4.41 | TRUE | 50,000 | 12/26/24 | 12/27/24 |
| Wayin AI | cedgndijpacnfbdggppddacngjfdkaca | 0.0.11 | | TRUE | 40,000 | 12/19/24 | 12/31/24 |
| Search Copilot AI Assistant for Chrome | bbdnohkpnbkdkmnkddobeafboooinpla | 1.0.1 | | TRUE | 20,000 | 7/17/24 | 12/31/24 |
| VidHelper – Video Downloader | egmennebgadmncfjafcemlecimkepcle | 2.2.7 | | TRUE | 20,000 | 12/26/24 | 12/31/24 |
| AI Assistant – ChatGPT and Gemini for Chrome | bibjgkidgpfbblifamdlkdlhgihmfohh | 0.1.3 | | FALSE | 4,000 | 5/31/24 | 10/25/24 |
| TinaMind – The GPT-4o-powered AI Assistant! | befflofjcniongenjmbkgkoljhgliihe | 2.13.0 | 2.14.0 | TRUE | 40,000 | 12/15/24 | 12/20/24 |
| Bard AI chat | pkgciiiancapdlpcbppfkmeaieppikkk | 1.3.7 | | FALSE | 100,000 | 9/5/24 | 10/22/24 |
| Reader Mode | llimhhconnjiflfimocjggfjdlmlhblm | 1.5.7 | | FALSE | 300,000 | 12/18/24 | 12/19/24 |
| Primus (prev. PADO) | oeiomhmbaapihbilkfkhmlajkeegnjhe | 3.18.0 | 3.20.0 | TRUE | 40,000 | 12/18/24 | 12/25/24 |
| Cyberhaven security extension V3 | pajkjnmeojmbapicmbpliphjmcekeaac | 24.10.4 | 24.10.5 | TRUE | 400,000 | 12/24/24 | 12/26/24 |
| GraphQL Network Inspector | ndlbedplllcgconngcnfmkadhokfaaln | 2.22.6 | 2.22.7 | TRUE | 80,000 | 12/29/24 | 12/30/24 |
| GPT 4 Summary with OpenAI | epdjhgbipjpbbhoccdeipghoihibnfja | 1.4 | | FALSE | 10,000 | 5/31/24 | 9/29/24 |
| Vidnoz Flex – Video recorder & Video share | cplhlgabfijoiabgkigdafklbhhdkahj | 1.0.161 | | FALSE | 6,000 | 12/25/24 | 12/29/24 |
| YesCaptcha assistant | jiofmdifioeejeilfkpegipdjiopiekl | 1.1.61 | | TRUE | 200,000 | 12/29/24 | 12/31/24 |
| Proxy SwitchyOmega (V3) | hihblcmlaaademjlakdpicchbjnnnkbo | 3.0.2 | | TRUE | 10,000 | 12/30/24 | 12/31/24 |
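One way to check a machine against the table above, as an added example that is not code from the article or from Secure Annex. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>_<n>/manifest.json` inside a profile directory; the function names and status labels are hypothetical, and the watchlist holds only three of the table's rows.

```python
import json
import tempfile
from pathlib import Path

# Subset of the table above: ID -> (name, Version column, Patch column or None).
# Assumption: the Version column is the malicious release, as 24.10.4 is for Cyberhaven.
WATCHLIST = {
    "pajkjnmeojmbapicmbpliphjmcekeaac": ("Cyberhaven security extension V3", "24.10.4", "24.10.5"),
    "llimhhconnjiflfimocjggfjdlmlhblm": ("Reader Mode", "1.5.7", None),
    "ndlbedplllcgconngcnfmkadhokfaaln": ("GraphQL Network Inspector", "2.22.6", "2.22.7"),
}

def vkey(version):
    """Turn '24.10.4' into (24, 10, 4) so versions compare numerically."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def scan_profile(extensions_dir, watchlist=WATCHLIST):
    """Return (id, name, installed version, status) for each listed extension found."""
    findings = []
    for ext_dir in sorted(Path(extensions_dir).iterdir()):
        if ext_dir.name not in watchlist:
            continue
        name, bad, patched = watchlist[ext_dir.name]
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            try:
                version = str(json.loads(manifest.read_text(encoding="utf-8-sig"))["version"])
            except (OSError, ValueError, KeyError):
                version = manifest.parent.name.rsplit("_", 1)[0]  # fall back to directory name
            if version == bad:
                status = "MALICIOUS_VERSION_INSTALLED"
            elif patched and vkey(version) >= vkey(patched):
                status = "PATCHED_VERSION_INSTALLED"  # bad release may still have run earlier
            else:
                status = "LISTED_OTHER_VERSION"
            findings.append((ext_dir.name, name, version, status))
    return findings

def demo():  # builds a constructed profile directory in a temp folder and scans it
    cyber, reader = list(WATCHLIST)[:2]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Extensions"
        for ext_id, ver in [(cyber, "24.10.5"), (reader, "1.5.7"), ("a" * 32, "1.0")]:
            d = root / ext_id / f"{ver}_0"
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"version": ver}), encoding="utf-8")
        return scan_profile(root)

if __name__ == "__main__":
    print(demo())
```

A patched version on disk today says nothing about whether the malicious release ran during the Start and End dates in the table, so any hit on a listed ID warrants a look at the sessions and credentials that browser held in that window.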

But wait, there’s more

One of the compromised extensions is called Reader Mode. Further analysis showed it had been compromised not just in the campaign targeting the other 19 extensions but in a separate campaign that started no later than April 2023. Tuckner said the source of the compromise appears to be a code library developers can use to monetize their extensions. The code library collects details about each web visit a browser makes. In exchange for incorporating the library into the extensions, developers receive a commission from the library creator.


Microsoft fixes problem that let Edge replicate Chrome tabs without permission

Tab thieving thwarted —

Edge update is first proof that this was definitely a glitch.


Microsoft has fixed a problem that resulted in tabs from Google Chrome being imported to Microsoft Edge without user consent, as spotted by The Verge. Microsoft has kept mum on the situation, making the issued update the first time Microsoft has identified this as a problem, rather than typical behavior for the world’s third-most-popular browser.

In late January, The Verge Senior Editor Tom Warren reported experiencing the puzzling Edge issue. After updating his computer, Edge launched with the tabs that Warren most recently used in Chrome. He eventually realized that Edge has a feature you can toggle, reading: “Always have access to your recent browsing data each time you browse on Microsoft Edge.” The setting is reachable in Edge by typing “edge://settings/profiles/importBrowsingData.” Interestingly, it allows Edge to import browsing data from Chrome every time you open Edge, but data from Firefox can only be imported manually. However, Edge was seizing Chrome tabs without this setting enabled. Others reported having this problem via Microsoft’s support forum and social media, as well.

The Edge setting as seen on a Windows 11 23H2 system running Edge 122. You can have data continuously imported from Chrome or on demand from Firefox, but other browsers don’t appear.

Andrew Cunningham

Microsoft didn’t respond to The Verge’s initial request for comment, but this week it released an Edge update that seems to address matters. Microsoft’s release notes from February 15 say:

Edge has a feature that provides an option to import browser data on each launch from other browsers with user consent. This feature’s state might not have been syncing and displaying correctly across multiple devices. This is fixed.

Microsoft seems to be saying that the status (enabled or disabled) of Edge’s importing data ability wasn’t syncing correctly across people’s Microsoft devices. However, this doesn’t explain the number of users who claimed they saw the problem without having the feature enabled. Microsoft declined Ars Technica’s request for comment.

With this fix, Microsoft is claiming that the behavior was, indeed, unintentional. But that wasn’t a given. Besides the fact that Microsoft hasn’t provided more details about the problem, the company also has a history of both sneakily and overtly trying to coerce people into using Edge. You’ll see Microsoft pester you with pop-up messages if you try to download Chrome or change your default browser, for example.

Edge and Chrome are both based on the Chromium browsing engine, but Chrome has long maintained a massive lead over Edge in terms of market share. Global Statcounter data points to Chrome having 64.41 percent market share last month, followed by Safari (18.82 percent), and then Edge (5.36 percent). The numbers inch slightly more in Microsoft’s favor when looking at the US market specifically (9.31 percent share in January), although Chrome still dominated (49.06 percent).

  • Browser market share for the past year globally.

  • Browser market share for the past year in the US.

Like many web browsers, Edge has a hard time competing with Chrome, which ties in with other popular Google services, like Gmail. Similarly, Edge promotes Microsoft offerings, including coupons, Microsoft accounts, and, as of recently, Copilot.

Edge pulling Chrome tabs seemed to fit in with pushy strategies Microsoft has employed to get people on its browser and other products, like Microsoft 365. Without more information, we don’t know when Microsoft first knew about Edge’s unwanted tab replication or how long it took to make it stop. Regardless, Microsoft doesn’t intend for tab swiping to be part of the Edge experience currently, so at least this particular nuisance should be over.


Apple announces sweeping EU App Store policy changes—including sideloading

The iPhone 15 lineup.

To comply with European Union regulations, Apple has introduced sweeping changes that make iOS and Apple’s other operating systems more open. The changes are far-reaching and touch many parts of the user experience on the iPhone. They’ll be coming as part of iOS 17.4 in March.

Apple will introduce “new APIs and tools that enable developers to offer their iOS apps for download from alternative app marketplaces,” as well as a new framework and set of APIs that allow third parties to set up and manage those stores—essentially new forms of apps that can download other apps without going through the App Store. That includes the ability to manage updates for other developers’ apps that are distributed through the marketplaces.

The company will also offer APIs and a new framework for third-party web browsers to use browser engines other than Safari’s WebKit. Until now, browsers like Chrome and Firefox were still built on top of Apple’s tech. They essentially were mobile Safari, but with bookmarks and other features tied to alternative desktop browsers.

The changes also extend to NFC technology and contactless payments. Previously, only Apple Pay could fully access those features on the iPhone. Now, Apple will introduce new APIs that will let developers of banking and wallet apps gain more comparable access.

Developers will have new options for using alternative payment service providers within apps and for directing users to complete payments on external websites via link-outs. They’ll be able to use their apps to tell users about promotions and deals that are offered outside of those apps. (Apple warns that it will not be able to provide refunds or support for customers who purchased something outside its own payment system.)

Apple says it will give users in the European Union the ability to pick default App Stores or default contactless payment apps, just like they already can for email clients or web browsers. EU users will be prompted to pick a default browser when they first open Safari in iOS 17.4 or later, too.

Developers can “submit additional requests for interoperability with iPhone and iOS hardware and software features” via a new form.

All of the above changes impact only the EU; Apple won’t bring them to the United States or other regions at this time. There is one notable change that extends beyond Europe, though: Apple says that “developers can now submit a single app with the capability to stream all of the games offered in their catalog.” That opens the door for services like Microsoft’s Xbox Game Pass or Nvidia’s GeForce Now.

Apple notes that “each experience made available in an app on the App Store will be required to adhere to all App Store Review Guidelines,” which could still pose some barriers for game streamers.


Firefox 108 will finally let you save websites as PDFs
