fbpx

Download free GDPR compliance checklist!

Chrome extensions with 33 million downloads slurped sensitive user data

Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information

The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on.

Source: Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica

>