A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000..
Netflix Party | 800,000 downloads
Netflix Party 2 | 300,000 downloads
Full Page Screenshot Capture – Screenshotting | 200,000 downloads
AutoBuy Flash Sales | 20,000 downloadsApart from offering the intended functionality, the extensions also track the user’s browsing activity. Every website visited is sent to servers owned by the extension creator. They do this so that they can insert code into eCommerce websites being visited. This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased…
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
- This topic has 1 reply, 2 voices, and was last updated 2 years, 8 months ago.
AuthorViewing 0 reply threadsAuthorViewing 0 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
.NET 8.0 Desktop Runtime (v8.0.16) – Windows x86 Installer
by 31 minutes ago
-
Neowin poll : What do you plan to do on Windows 10 EOS
by 1 hour, 43 minutes ago
-
May 31, 2025—KB5062170 (OS Builds 22621.5415 and 22631.5415 Out-of-band
by 23 minutes ago
-
Discover the Best AI Tools for Everything
by 4 minutes ago
-
Edge Seems To Be Gaining Weight
by 7 minutes ago
-
Rufus is available from the MSFT Store
by 22 hours, 7 minutes ago
-
Microsoft : Ending USB-C® Port Confusion
by 1 day ago
-
KB5061768 update for Intel vPro processor
by 6 hours, 41 minutes ago
-
Outlook 365 classic has exhausted all shared resources
by 2 hours, 52 minutes ago
-
My Simple Word 2010 Macro Is Not Working
by 20 hours, 2 minutes ago
-
Office gets current release
by 22 hours, 39 minutes ago
-
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by 2 days, 12 hours ago
-
Windows AI Local Only no NPU required!
by 1 day, 21 hours ago
-
Stop the OneDrive defaults
by 2 days, 13 hours ago
-
Windows 11 Insider Preview build 27868 released to Canary
by 2 days, 23 hours ago
-
X Suspends Encrypted DMs
by 3 days, 1 hour ago
-
WSJ : My Robot and Me AI generated movie
by 3 days, 1 hour ago
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
by 3 days, 2 hours ago
-
OpenAI model sabotages shutdown code
by 3 days, 3 hours ago
-
Backup and access old e-mails after company e-mail address is terminated
by 2 days, 15 hours ago
-
Enabling Secureboot
by 2 days, 22 hours ago
-
Windows hosting exposes additional bugs
by 3 days, 11 hours ago
-
No more rounded corners??
by 3 days, 6 hours ago
-
Android 15 and IPV6
by 2 days, 20 hours ago
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by 3 days, 23 hours ago
-
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by 4 days, 2 hours ago
-
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by 3 days, 20 hours ago
-
Windows Update orchestration platform to update all software
by 4 days, 9 hours ago
-
May preview updates
by 3 days, 20 hours ago
-
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by 3 days, 12 hours ago
Remembering Woody
