Google Chrome is currently the most popular web browser in the world by a mile. The Google browser’s support for different extensions that help increase productivity and user experience is one of the reasons for its popularity.
Now, a new report from McAfee states that four Google Chrome extensions were stealing users’ browsing data. Over 1.4 million people have downloaded these five extensions. These extensions include Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales.
Among these, Netflix Party and Netflix Party 2 were the most downloaded of the five extensions. These extensions enable users to watch shows or movies on Netflix together even when they are in different locations by syncing the videos. Netflix Party has over 800,000 downloads, whereas Netflix Party 2 Chrome Extension has over 300,000 downloads.
According to the report, these extensions loaded a multipurpose script that transfers browsing data to an attacker-controlled domain. Every time a user visits a new URL, their browsing data is transferred to this domain. The data includes the user ID, device location, nationality, zip code, and an encoded referral URL. They use this in order to insert code into eCommerce websites that are being visited. This operation alters the site’s cookies so that the extension creators receive affiliate payment for any products purchased.
The Chrome Web Store has removed Netflix Play, Netflix Play 2, and AutoBuy Flash Sales extensions. The other extensions, on the other hand, are still available for download.
RELATED:
- Google Chrome will support handwriting-to-text using a stylus on Android 13
- Apple iPhones are most vulnerable to hacking when powered off
- Android users have to Immediately Update their Chrome browsers to patch severe vulnerability
