Security News > 2021 > January > What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out

What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out
2021-01-07 07:55

Back in November, 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious.

The Register understands that the unidentified maintainer of the project subsequently resubmitted the extension without the suspicious behavior that had been cited in a GitHub issues post.

As one user wrote, "The extension was sold to an unknown party. This entity has 'updated' the extension to v7.1.8 w/o publishing changes to Github. It is calling remote scripts and using remote tracking analytics, sending user information somewhere w/o user knowledge."

The Register asked Josh Manders, a developer working on a hosting platform called Primcloud, why he had expressed concern about the extension.

Developer Thibaud Colas came to a similar conclusion on Monday after analyzing the extension code and noting several inconsistencies, like the inclusion of a hard-coded siteId in the removed OWA tracking script that belongs to a different extension.

The Register asked Google whether it plans to implement any measures to help make it easier for people to understand who maintains Chrome extensions and to understand code changes that have been made.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/07/great_suspender_malware/