Google Chrome extensions can add more features to your browsing experience. But many malicious extensions have been exposed from time to time.
Five more were added to these, according to a recent security report.
McAfee he published a report on Monday detailing five malicious browser extensions available in the Chrome Web Store: 2 “Netflix Party” extensions, “FlipShope — Price Tracker Extension,” “Full Page Screenshot Capture — Screenshotting,” and “AutoBuy Flash Sales .” Each of them had more than 20.000 downloads, while all together they had more than 1.400.000.
Each extension detects for page changes in the browser and every time the user navigates to a new page, it sends the page's URL to a remote server.
McAfee also found evidence that some of the extensions wait 15 days after installation to start injecting a code, possibly to avoid initial detection.
Google is of course trying to combat these malicious extensions with the new standard Manifest V3. Compared to the older Manifest V2 technology (which at least one of the extensions uses), Manifest V3 gives users more control over which pages extensions can access.
Manifest V3 also blocks remote hosted code, which will prevent some (but not all) of the behavior reported by McAfee.
The most popular Netflix Party extension, which had more than 800.000 users, has already been removed from the Chrome Web Store. The rest are still there and "Full Page Screenshot Capture" still has the "Featured" tag in the Store.
If you have any of these extensions installed, be sure to remove them immediately.
| Name | Extension ID | Users |
| Netflix Party | mmnbenehknklpbendgmgngeaignppnbe | 800,000 |
|
Netflix Party 2 | flijfnhifgdcbhglkneplegafminjnhn | 300,000 |
|
FlipShope – Price Tracker Extension
| adikhbfjdbjkhelbdnffogkobkekkkej | 80,000 |
|
Full Page Screenshot Capture – Screenshotting
| pojgkmkfincpdkdgjepkmdekcahmckjp | 200,000 |
| AutoBuy Flash Sales | gbnahglfafmhaehbdmjedfhdmimjcbed | 20,000 |
