Malicious extensions circumvent Google's remote code ban


This blog post looks into how 62 malicious extensions circumvent Google’s restrictions on remote code execution in extensions. One group of extensions is associated with the company Phoenix Invicta, another with Technosense Media. The largest group, around Sweet VPN, hasn’t been attributed yet.

Coming back to Adblock all advertisements, it is still clearly spying on its users, using ad blocking functionality as a pretense to send the address of each page visited to its server (code slightly simplified for readability):

Legitimate functionality that did not intend to spy would not send a unique user ID with the request, would cut the page address down to the host name (or at least remove all parameters), and would cache the response. Given what McAfee discovered about these extensions before, this is likely meant for cookie stuffing, yet execution of arbitrary JavaScript code in the context of targeted web pages is also a possible scenario.
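For contrast, here is a sketch of a per-site lookup with the three properties the paragraph above expects from legitimate functionality: no user ID, host name only, cached response. This is an added example, not code from the extension or from the original blog post; the endpoint `lookup.example` and the names `hostOnly`, `buildLookupUrl` and `HostLookup` are assumptions made for illustration.

```javascript
// Added example: a host-only, cached lookup with no user identifier.
// The endpoint and every name below are hypothetical, not taken from the extension.
const LOOKUP_ENDPOINT = "https://lookup.example/check"; // placeholder endpoint

// Reduce a visited page address to its host name: no path, query or fragment.
function hostOnly(pageUrl) {
  const u = new URL(pageUrl);
  // Internal pages (chrome://, file://, ...) are never looked up.
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return u.hostname.toLowerCase();
}

// The host name is the only value sent; there is no user ID parameter.
function buildLookupUrl(host) {
  return LOOKUP_ENDPOINT + "?host=" + encodeURIComponent(host);
}

class HostLookup {
  // fetcher(url) returns a Promise of the rules; injected so the example runs offline.
  constructor(fetcher, ttlMs = 24 * 60 * 60 * 1000, now = () => Date.now()) {
    this.fetcher = fetcher;
    this.ttlMs = ttlMs;
    this.now = now;
    this.cache = new Map(); // host -> { expires, result }
  }

  check(pageUrl) {
    const host = hostOnly(pageUrl);
    if (host === null) return Promise.resolve(null);
    const hit = this.cache.get(host);
    if (hit && hit.expires > this.now()) return hit.result; // cached: nothing is sent
    const result = this.fetcher(buildLookupUrl(host));
    this.cache.set(host, { expires: this.now() + this.ttlMs, result });
    // Do not keep a failed lookup in the cache.
    Promise.resolve(result).catch(() => this.cache.delete(host));
    return result;
  }
}

// Constructed demo: record what would leave the browser for three page visits.
function demo() {
  const sent = [];
  const lookup = new HostLookup((url) => { sent.push(url); return Promise.resolve([]); });
  lookup.check("https://shop.example/cart?session=abc123&item=42");
  lookup.check("https://shop.example/account/orders#latest");
  lookup.check("chrome://extensions/");
  return sent; // a single request carrying only the host name
}
```

When reviewing an extension's network traffic, a request per page view that carries the full address or a stable identifier is the deviation from this pattern to look for.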
