Chrome Extensions Used by 1.4 Million People Contain Malicious Cookies

We honestly don’t have anything against Chrome. In fact, we use it all the time. We talk about it so much because there’s a constant stream of stories that we think you need to know about. It’s the same today.

The good news is, these are fake extensions and no ‘official’ Chrome ones. But they were available in the Chrome Web Store.

They have since been removed, but if you installed any of the extensions below, you might want to remove them.

5 different extensions for Netflix and a couple of others have been found to contain code that can track browsing activity and include affiliate programming.

"The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole said. "The latter borrows several phrases from another popular extension called GoFullPage."

The following 5 extensions are the ones to avoid:

1. Netflix Party (mmnbenehknklpbendgmgngeaignppnbe)
2. Netflix Party (flijfnhifgdcbhglkneplegafminjnhn)
3. FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej)
4. Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp)
5. AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed)

Each extension loads JavaScript to track where users go and inject affiliate links into relevant purchases to make money.

"Every website visited is sent to servers owned by the extension creator," the researchers noted. "They do this so that they can insert code into eCommerce websites being visited. This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased."

Interestingly, the code has the ability to delay activity for 15 days after installation in an attempt to obfuscate what’s going on.

The extensions have been removed from the web store and should no longer be available from official sources.

However, they are likely still available at unofficial app repositories and on those 1.4 million devices.

If you ever used one of these extensions, now is a good time to delete is and perform a full malware scan!