Well even more reason to NOT use Chrome(or Chromium) browser!
sure it might happen to(or has happened?) Firefox?
But I think it’s extensions “store” is more secure.
Then again nothing is truly secure!
No. This isn’t a reason to not use Chrome or a Chromium browser. The main extension hack discussed in the article happened because of a successful phishing attack, not because the Chrome Web Store is inherently insecure. It’s very likely the other 4 extensions also were subject to that. I’m sorry, but this would have happened if Firefox was the number one browser.
If you don’t want to use a Chromium based browser, there are other, better, reasons to not do so.
I’ve seen an article recently with about 25 malicious chrome store extension apps identified as doing more damage than this. [I am too lazy to look for this link now!]. You know, random stuff people get, well-disguised. It’s a big attack vector. I used to love extensions, now I am wary. Example: Even though I am assured the KeepassXC people maintain the extension I will not use it anymore. Passwords now in cloud—how could they not be? I use about three and I’m not sure I trust them because of popularity.
@winnyace firefox store or chrome store does not matter, you are right, they both have a wealth of un-audited extensions that they gladly push on you with the bullsh** caveat of something like “we don’t monitor this extension” or similar…
Read, “This is how they tell me the world ends: The cyberweapons arms race” by Perlroth. Nothing is safe.
It’s at my library, thank you.
Interesting list. Mostly AI and VPN extensions. The really delicious part are the installed keylogger extensions people naively installed that, no surpise, phoned all keystrokes home…
" As Tuckner indicated, browser extensions have long remained a weak link in the security chain. In 2019, for example, extensions for both Chrome and Firefox were caught stealing sensitive data from 4 million devices. Many of the infected devices ran inside the networks of dozens of companies, including Tesla, Blue Origin, FireEye, Symantec, TMobile, and Reddit."
I don’t really understand how one can use just one of these extensions…