a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.
While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser
The extensions in question in case you can’t access the article.
- Blipshot (one click full page screenshots)
- Emojis - Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock für Chrome | Chrome-Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome - NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
deleted by creator
Blipshot (one click full page screenshots)
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
more likely they were less of a hijacked and more of a waited for enough people to use them and then proceed to the next stage of the plan.
We put so much important information/data through browsers (and smart phones for that matter), and it is becoming hard to trust third party code running on either. Trust in the publisher has become mandatory for me and the only browser plugin I run now is Bitwarden. Neither the app store operators nor the browser publishers seem to have an answer for reliably thwarting malicious actors. I don’t know what the answer is, other than developing literacy in writing browser plugins and adding functionality through my own code.
