Google Chrome extensions can add more features to your browsing experience, but there have been many malicious extensions over the years. A recent security report led to the discovery of five more malicious extensions.
On Monday, McAfee released a report describing five malicious browser extensions available on the Chrome Web Store, including two “Netflix Party” extensions, “FlipShope — Price Tracker Extension,” “Full Page Screenshot Capture — Screenshotting,” and “AutoBuy Flash Sales.” Each had over 20,000 downloads, and together they totaled over 1,400,000 downloads.
Each extension monitors browser page changes, and when the user navigates to a new page, the extension sends the page URL to a remote server to see if affiliate revenue code can be injected. Many websites (including How-To Geek) include affiliate code in links to shopping websites, which allows them to earn a small commission. However, the majority of the infringing extensions have nothing to do with purchasing items and are injecting the code on all possible pages. McAfee also discovered evidence that some of the extensions wait 15 days after installation before injecting affiliate code, presumably to avoid detection at the outset.
With the new Manifest V3 standard, Google has been working to combat malicious extensions. Manifest V3 gives people more control over which pages extensions can access than the older Manifest V2 technology (which at least one of the extensions is using). Manifest V3 also blocks remotely hosted code, preventing some (but not all) of the McAfee-reported behavior.
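The properties discussed above (Manifest V2, access to every page, visibility of page URLs, remotely hosted script) are all declared in an extension's `manifest.json`, so they can be checked before or after installation. The following Python audit is an added example, not code from McAfee's report or from this article; the function names and both sample manifests are constructed for illustration.

```python
import json

# Host match patterns that cover every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose tab or navigation URLs to the extension.
URL_WATCHERS = {"tabs", "webNavigation"}

def remote_script_sources(csp):
    """Return remote origins listed in a CSP string's script-src directive."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] == "script-src":
            return [s for s in parts[1:] if s.startswith(("http://", "https://"))]
    return []

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    def strings(key):
        # Ignore non-string permission entries so set operations stay safe.
        return {p for p in manifest.get(key, []) if isinstance(p, str)}
    findings = []
    version = manifest.get("manifest_version")
    if version != 3:
        findings.append(f"manifest_version {version}: remotely hosted code not blocked")
    # MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
    declared = strings("permissions") | strings("host_permissions")
    for script in manifest.get("content_scripts", []):
        declared |= set(script.get("matches", []))
    broad = sorted(declared & BROAD_HOSTS)
    if broad:
        findings.append("runs on all sites: " + ", ".join(broad))
    watchers = sorted(declared & URL_WATCHERS)
    if watchers:
        findings.append("can read page URLs via: " + ", ".join(watchers))
    # An MV2 CSP is a plain string; an MV3 CSP is an object and is skipped here.
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, str) and remote_script_sources(csp):
        findings.append("CSP allows remote scripts: " + ", ".join(remote_script_sources(csp)))
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_MV2 = json.loads("""{"manifest_version": 2, "name": "sample-a",
  "permissions": ["tabs", "storage", "<all_urls>"],
  "content_security_policy": "script-src 'self' https://cdn.example; object-src 'self'"}""")
SAMPLE_MV3 = json.loads("""{"manifest_version": 3, "name": "sample-b",
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://shop.example/*"]}""")

if __name__ == "__main__":
    for m in (SAMPLE_MV2, SAMPLE_MV3):
        print(m["name"], audit_manifest(m) or "no findings")
```

A clean result only means the manifest does not request these capabilities; it says nothing about what the extension does with the access it does have.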
The Chrome Web Store’s most popular Netflix Party extension, which had over 800,000 users, has since been removed. The rest are still available, and “Full Page Screenshot Capture” is still marked as “Featured” on the Store. If you have any of them installed, make sure you uninstall them. How-To Geek has contacted Google for comment, and we will update this article as soon as (or if) we receive a response.