Popular Chrome add-on deceptively collecting data

A popular Google Chrome add-on with over 1 million downloads is deceptively capturing users’ browsing data and selling it for marketing purposes, according to researchers.

It’s more evidence that Internet browser add-ons, or “extensions,” are a prime target for nefarious actors.

The “Webpage Screenshot” plug-in, which provides an easy way for Chrome users to take screenshots, is essentially spyware — software that surreptitiously collects information — Heimdal Security wrote in a Wednesday blog post.

{mosads}The software has infiltrated not only individuals, but also major companies.

After the plug-in is installed, “the browser receives instructions to constantly send away information about what websites have been visited to a server in United States,” Heimdal said.

Webpage Screenshot’s terms of service did contain language about collecting a large swath of information, but researchers said the add-on went too far.

The extension is just one of thousands available. Extensions are small software packages that provide additional features or shortcuts. The Google Chrome Web Store, for example, offers extensions to streamline sending articles to your Kindle or to make it easier to send a tweet.

These shortcuts are “pieces of code, which means they have the ability to deliver malicious payloads or can prove to be ‘Trojan horses,’ that hide spyware functions and steal personal details from users,” Heimdal said.

“Apparently, there is an important vulnerability in how code validation is done for each extension in Google Chrome, which makes us wonder how many extensions are still out there that hide spyware,” Heimdal added.

Google has recently taken steps to eliminate malicious code planted within its Chrome extensions.

The company’s researchers revealed last week that a rapidly growing number of its extensions have “ad injectors” implanted in them. While ad injectors seem relatively harmless — they mostly replace or implant new ads on a Web page — the flaw also opens a door for hackers to remotely hijack a computer.

The tech giant has purged its Web store of 192 deceptive Chrome extensions and said it will continue to root out bad actors.

Google removed Webpage Screenshot from its store on Tuesday.


The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.

See all Hill.TV See all Video

Most Popular

Load more


See all Video