Interesting: Popular screenshot tool removed from Chrome ext store and marked as malware

HxxxHxxx OG
edited April 6 in General

Chrome actually killed the extension very recently even though another author uploaded a previous version of it in the past days.

The stats that the plugin had: https://chrome-stats.com/d/haiidfhfnmfmicpakjjkibpcdoolnbbo , 330K~ users.

Looking at the code it seems a large part of the background.bundle.js has nothing to do with the actual functionality of the plugin. It does call home (authors URL) to download an identifier that seems to be used for mixpanel analytics.

But then it does have a few requests functions that seems very familiar to what I notice on the Video Downloader professional plugin case. I found @joepie91 analysis (https://gist.github.com/joepie91/fa55c936438bab8bb977e008e8be82f2) of that code and is where I only was able to match some of the logic of the background.bundle.js.

What I find amusing is that Chrome Webstore just removes the extension and doesn't publish a note for users to let them know what happened.

The screenshot functionality seems to be in the others JS files and that looks legit.

In my opinion Chrome should step up their game when it comes to letting random authors publish extensions. I do understand why the App Store (Apple) is so strict, I almost which Google was that strict.

Nowadays looking at the popular Plugins and looking at the amount of downloads and reviews doesn't seem enough to trust an app. Imagine having to inspect the code all the time.

In reality browsers are better off without plugins.

Comments

  • deankdeank OGOfficial Troll

    The screenshot key is all I need for screenshots.

    Thanked by (2)Hxxx AlwaysSkint

    The Amitz day is October 21. ♻ I call people by their soulname.

  • @deank said:
    The screenshot key is all I need for screenshots.

    I believe this plugin had the ability to scroll the page and screenshot long pages and unify the shots.

  • deankdeank OGOfficial Troll

    If one needs that kind of screenshot, he needs help.

    Thanked by (1)Hxxx

    The Amitz day is October 21. ♻ I call people by their soulname.

  • @Hxxx said:

    @deank said:
    The screenshot key is all I need for screenshots.

    I believe this plugin had the ability to scroll the page and screenshot long pages and unify the shots.

    You can do that without a Chrome Extension.

  • HxxxHxxx OG
    edited April 6

    @deank said:
    If one needs that kind of screenshot, he needs help.

    I can imagine web designers finding this useful.

    @Mew for sure.

    Just sharing the news, maybe other developers that like to do research might find this interesting.

  • It happens all the time, unfortunately. I used Nano Defender for a long time until it served malware after an acquisition.

    Thanked by (1)Hxxx
  • joepie91joepie91 OGServices Provider
    edited April 6

    @Hxxx said: In reality browsers are better off without plugins.

    Not really, it's just a review problem. Google certainly could review all of the popular plugins (which are the likely targets of malicious acquisitions and such), they just choose not to. Unlike Mozilla, which does actually review popular Firefox extensions for malicious code.

    Edit: And this fits in a theme of Google being bizarrely obsessed with automation, to the point of refusing to put a human in the loop anywhere if it is at all avoidable. It's the same reason they provide zero customer support outside of a few places where they would have literally no customers if they did that.

    Thanked by (1)Hxxx
Sign In or Register to comment.