* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, August 2, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Sens. Blackburn, Warnock introduce CREATE Act to provide tax relief to music creators – Yahoo Home

    Sens. Blackburn and Warnock Launch CREATE Act to Deliver Tax Relief for Music Creators

    That’s (Political) Entertainment: When Theatre Meets Politics

    Future Script: How Generative AI Is Changing Collective Bargaining in the Entertainment Industry – Jackson Lewis

    Future Script: How Generative AI Is Transforming Collective Bargaining in Entertainment

    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emory orthopaedic surgeons use robotic technology to transform knee replacement surgery – Emory News Center

    How Robotic Technology is Revolutionizing Knee Replacement Surgery

    Cognizant Technology Solutions Corp (CTSH) Q2 2025 Earnings Call Highlights: Strong Revenue … – Yahoo.co

    Cognizant Q2 2025 Earnings: Impressive Revenue Growth and Key Takeaways

    Revving Up The U.S. Technology Engine – Forbes

    Revving Up The U.S. Technology Engine – Forbes

    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Sens. Blackburn, Warnock introduce CREATE Act to provide tax relief to music creators – Yahoo Home

    Sens. Blackburn and Warnock Launch CREATE Act to Deliver Tax Relief for Music Creators

    That’s (Political) Entertainment: When Theatre Meets Politics

    Future Script: How Generative AI Is Changing Collective Bargaining in the Entertainment Industry – Jackson Lewis

    Future Script: How Generative AI Is Transforming Collective Bargaining in Entertainment

    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emory orthopaedic surgeons use robotic technology to transform knee replacement surgery – Emory News Center

    How Robotic Technology is Revolutionizing Knee Replacement Surgery

    Cognizant Technology Solutions Corp (CTSH) Q2 2025 Earnings Call Highlights: Strong Revenue … – Yahoo.co

    Cognizant Q2 2025 Earnings: Impressive Revenue Growth and Key Takeaways

    Revving Up The U.S. Technology Engine – Forbes

    Revving Up The U.S. Technology Engine – Forbes

    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Chrome users – get an alert when extensions are in danger of falling into wrong hands

March 7, 2024
in Technology
Chrome users – get an alert when extensions are in danger of falling into wrong hands
Share on FacebookShare on Twitter

Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don’t mind installing yet another browser extension.

Matt Frisbie, a software developer and programming book author, has released a Chrome add-on called Under New Management to alert users when installed extensions have changed owners.

In the GitHub repo for Under New Management, Frisbie explains why this may be useful. Basically: Extensions can be developed for entirely innocent, useful purposes, but when they are sold or hand over to others, those new owners can – and have – sneakily adjusted the code so that it turns against the user, stealing their info or injecting ads. This kind of hijacking can affect millions of netizens at a time.

“Extension developers are constantly getting offers to buy their extensions,” Frisbie says. “In nearly every case, the people buying these extensions want to rip off the existing users.

The users of these extensions have no idea an installed extension has changed hands, and may now be compromised

“The users of these extensions have no idea an installed extension has changed hands, and may now be compromised.

“Under New Management gives users notice of the change of ownership, giving them a chance to make an informed decision about the software they’re using.”

As we reported last August, those who develop Chrome extensions that become popular often receive solicitations to sell their code or to partner with a third-party in order for the new owner or partner to insert dubious, scammy, or malicious code in the extension.

The idea is that the browser extension, which has been altered to collect or steal data, or to present ads or to execute some other monetizable function like cryptomining, can be updated automatically without alarming those who have installed it — perhaps without being caught by Google’s automated scanning.

Google’s focus has been on detecting malicious code and in that respect Frisbie believes Google has been successful. “Their automatic package analysis tools are sophisticated at detecting malicious extensions,” Frisbie explained in an email to The Register. “A primary goal of the Manifest v3 push was to disable the more problematic attack vectors (e.g. remove code execution). All indications are that these efforts have been largely successful.”

Malicious Chrome extensions are bad. But what about nice ones that can be hijacked? This new tool spots them

ALSO SEE

“When an acquisition goes through, and the new publisher tries to abuse the existing user base, the Chrome team usually is able to detect if the new publisher sends out a malicious update, but this is the only line of defense,” he said. “What’s more, this doesn’t account for cases where the new update isn’t necessarily malicious, but might export and abuse a user’s data, inject ads, or use it in a way that they did not intend when they installed the extension.”

One such request cited by a Chrome extension developer on the Chrome Extensions mailing list sought the modification of the user’s search provider in order to capture all the search terms the user enters into the browser’s omnibox.

Schemes of this sort are common elsewhere and have been seen by those developing software packages distributed through package registries. Web publishers also get solicitations to replace broken links with a functioning link to some other website seeking the search ranking benefit of association with an authoritative source.

But these sorts of offers are particularly pernicious when they involve code due to the amount of sensitive data that extensions may be able to see. And they can affect a lot of people: Chrome is used by something like 2-3 billion people worldwide. While the majority of that usage nowadays occurs on mobile devices – where, on iOS devices at least, Chrome extensions aren’t currently an option – many desktop and Android-based Chrome users have extensions installed. The last time Google offered an official number was in 2010, when a third of Chrome users were said to have at least one extension installed.

Avast shells out $17M to shoo away claims it peddled people’s personal data

Mozilla slams Microsoft for using dark patterns to drive Windows users toward Edge

YouTube video lag wrongly blamed on its ad-blocking animus

Google bins integrity API that looked more than a bit like horrible DRM for websites

Frisbie said that he’s a Google Developer Expert on Browser Extensions and thus has access to the Chrome team and has been working with them to shape the Chrome Extensions platform.

Changes of ownership are particularly problematic for browser extensions, Frisbie explained, because of a confluence of factors: they’re more powerful than most people realize; they’re difficult to monetize; the Chrome Web Store doesn’t disclose a lot of details about extension developers; extensions tend to be installed for a long time and get automatic updates; and transferring ownership is easy and done without meaningful oversight.

“This combination of factors brought the ecosystem to where it is today,” he said. “Extensions with lots of users get lots of acquisition offers, usually from individuals who can’t be easily identified and don’t disclose what their intentions are.

The Chrome team is entertaining changes that would allow for this sort of detection

“If the user was notified of a change of ownership, they could potentially avoid all this.”

Frisbie said he’s building an extension promotion platform called ExBoost to improve the extension ecosystem and make it safer. Under New Management relies on an ExBoost API server to handle the checking of developer information due to Cross Origin Resource Sharing rules limiting access to data related to extension domains.

Thanks for Frisbie’s work, Google may be open to implementing an official API to detect ownership changes. “I’m pleased to say that, as a result of the attention this has received, the Chrome team is already entertaining changes to the web extensions API that would allow for this sort of detection,” he said.

Google’s Chrome team, we’re told, is aware of Frisbie’s extension and thinks it’s interesting, and has encouraged him to discuss it with members of the W3C’s WebExtensions Community Group. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/03/07/chrome_extension_changes/

Tags: Chrometechnologyusers
Previous Post

Possible China link to Change Healthcare ransomware attack

Next Post

Windows 10 failing to patch properly? You are most definitely not alone

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

August 2, 2025
EPA attacks climate science. Here are the facts. – E&E News by POLITICO

EPA Questions Climate Science: Key Insights You Shouldn’t Miss

August 2, 2025
6 science-backed strategies to improve your memory – National Geographic

6 Proven Science-Backed Strategies to Boost Your Memory

August 2, 2025
Trying to keep your brain young? A big new study finds these lifestyle changes help – NPR

Trying to keep your brain young? A big new study finds these lifestyle changes help – NPR

August 2, 2025
2025 World Junior Summer Showcase: 3 things learned on Day 5 – NHL.com

3 Must-Know Highlights from Day 5 of the 2025 World Junior Summer Showcase

August 2, 2025
Economic Reality Bites Trump and His Protectionist Trade Policies – The New Yorker

How Trump’s Protectionist Trade Policies Ended Up Hurting the Global Economy

August 2, 2025
Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

August 2, 2025
President Trump Delivers Remarks on Making Health Technology Great Again – The White House (.gov)

President Trump Delivers Remarks on Making Health Technology Great Again – The White House (.gov)

August 2, 2025
Trump’s super PAC in powerful financial position with nearly $200 million on hand – CNN

Trump’s super PAC in powerful financial position with nearly $200 million on hand – CNN

August 2, 2025
It’s time to retire the word ‘technology’ – Financial Times

Why It’s Time to Retire the Word ‘Technology’ for Good

August 2, 2025

Categories

Archives

August 2025
MTWTFSS
 123
45678910
11121314151617
18192021222324
25262728293031
« Jul    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (750)
  • Economy (775)
  • Entertainment (21,653)
  • General (16,241)
  • Health (9,812)
  • Lifestyle (783)
  • News (22,149)
  • People (776)
  • Politics (784)
  • Science (15,988)
  • Sports (21,270)
  • Technology (15,752)
  • World (758)

Recent News

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

August 2, 2025
EPA attacks climate science. Here are the facts. – E&E News by POLITICO

EPA Questions Climate Science: Key Insights You Shouldn’t Miss

August 2, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version