Archive for Chrome

« Older Entries

Fake AI Chrome extensions with 300K users steal credentials, emails 

Posted in Commentary with tags , on February 13, 2026 by itnerd

There’s news that’s out which details a set of 30 malicious Chrome extensions installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Borja Rodriguez, Manager of Threat Intelligence Operations at Outpost24, has provided the following commentary:

“We have repeatedly seen malicious browser extensions bypass review processes and reach significant user adoption before removal. In this case, some extensions accumulated tens of thousands of installs, and others remain available even after public disclosure. That raises legitimate questions about the effectiveness, speed, and consistency of Google’s vetting and monitoring mechanisms for Chrome Web Store submissions.

Over the past few years, Google has demonstrated that it can strictly enforce policy decisions when they align with its strategic priorities, including restrictions that affected ad and tracker blocking extensions. That level of enforcement shows the company has both the technical capability and operational control to act decisively when it chooses to.

However, malicious extensions continue to surface and operate at scale. This suggests that either the automated review systems are insufficient to detect certain abuse patterns, or post publication monitoring and rapid takedown processes are not robust enough to limit exposure. Given the scale of Chrome’s user base, even a short window of exposure can translate into hundreds of thousands of victims.

The broader concern is trust. Users reasonably assume that extensions listed in an official store have undergone meaningful security scrutiny. When campaigns like this repeatedly succeed, that trust erodes. Stronger proactive detection, improved behavioral analysis of extensions after publication, and faster response cycles are essential to reduce systemic risk.”

This once again highlights the fact that just because something exists, doesn’t mean that you should install it. Especially in the age of AI where your attempt to use what I call “the new hotness” may get you pwned.

Leave a comment »

Is Windows 10 April 2018 Update Killing Chrome Or Vice Versa?

Posted in Commentary with tags , on May 3, 2018 by itnerd

Chrome users who updated to Windows 10 April 2018 update are complaining in places like Reddit that Microsoft’s latest update is causing Chrome to freeze and hang. The only way to restore control is to either reboot, or put the device to sleep and wake it up. Right now there is no fix, though a bug report has been filed. So we’ll see if a new version of Chrome or a update to Windows 10 is punted out to the world to address this.

While that is not the only issue that seems to be affecting users of this Windows 10 Update, it is the worst one. If you are affected by issues with this update, Neowin has a article called Windows 10 April 2018 Update problems: how to fix them that may be of assistance.

4 Comments »

An Exploit That Is “Impossible To Detect” Exists On Chrome, Firefox, & Opera

Posted in Commentary with tags , , , on April 17, 2017 by itnerd

A Chinese researcher has found an exploit that can be leveraged for phishing attacks on Chrome, Firefox, and Opera. Here’s the kicker, there’s no way you can protect yourself. Here’s the details from The Hacker News:

Hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users.

And:

Okay, then before going to the in-depth details, first have a look at this demo web page, set up by Chinese security researcher Xudong Zheng, who discovered the attack.

“It becomes impossible to identify the site as fraudulent without carefully inspecting the site’s URL or SSL certificate.” Xudong Zheng said in a blog post.

If your web browser is displaying “apple.com” in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.

Homograph attack has been known since 2001, but browser vendors have struggled to fix the problem. It’s a kind of spoofing attack where a website address looks legitimate but is not because a character or characters have been replaced deceptively with Unicode characters.

Lovely. Google (via Engadget) says that they have a fix on the way for this. Firefox users can mitigate the attack by doing the following:

  1. Type about:config in address bar and press enter.
  2. Type Punycode in the search bar.
  3. Browser settings will show parameter titled: network.IDN_show_punycode, double-click or right-click and select Toggle to change the value from false to true.

Opera and Chrome users have no mitigation strategies available at this time. Hopefully, all three browsers will be fixed shortly as this is extremely dangerous.

Leave a comment »

Latest Adobe Acrobat Reader Update SILENTLY Installs Chrome Extension

Posted in Commentary with tags , on January 12, 2017 by itnerd

The news is out that the latest update out from Adobe for its Acrobat Reader for Windows does something that I find distasteful. It silently installs an extension into your Google Chrome browser. After you update Acrobat Reader, the next time you open Chrome it will note the new extension and ask if you want to enable it or remove it.

The problem is this:

The installation process is covert, but the next time users open their Chrome browser, they’ll be notified by Chrome’s security systems that a new extension has been added.

The extensions name is Adobe Acrobat and is the same extension available through the Chrome Web Store.

Let me focus on three things. First is the fact that the “installation process is covert” meaning that you are not told that this is going to happen when you update Adobe Acrobat Reader. Which in turn would give you the choice as to if you want it installed or not. But I bet that lots of users are going to say yes when the prompt to enable it pops up in Chrome and I bet that is what Adobe is counting on. The second thing that I want to focus on is the fact that the extension in question is available on the Chrome Web Store. That means that if you really wanted this, you had an avenue to get it. So one has to wonder why Adobe is now forcing it upon users? Finally, Chrome offers pretty good native PDF support. So why even bother having more software installed?

Now the cyinic in me sees this as the real reason behind this:

The Adobe Acrobat extension also comes with anonymous usage data collection turned on by default, which might scare some users.

According to Adobe, extension users “share information with Adobe about how [they] use the application.”

“The information is anonymous and will help us improve product quality and features,” Adobe also says.

Digging deeper into this data collection mechanism, we see that Adobe collects the following user information:

  • Browser type and version
  • Adobe product information such as version
  • Adobe feature usage such as menu options or buttons selected

“Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe,” the company says.

I’m sorry, but force feeding me a browser extension that phones home doesn’t exactly give me the warm fuzzies.

Now there’s one thing that popped to mind as I was typing this.Chrome has come bundled with Adobe products such as Flash. If you want to see this in action, install or update Flash. You’ll see that installing Google Chrome is an option (that to be frank I remove 100% of the time). Is there a connection?

That’s a question that I would love to have an answer to.

UPDATE: Clearly this story got Adobe’s attention. 24 Minutes after posting this, I got this Tweet:

Leave a comment »

Another Reason To Switch From XP… Chrome And Firefox Going EOL

Posted in Commentary with tags , , on October 29, 2013 by itnerd

If you’re still on Windows XP, you should really think about switching before April of next year when Microsoft ends support for the OS. If that isn’t enough to entice you to switch to Windows 7 or 8, here’s another reason. Firefox plans to end support for XP and Chrome is being discontinued a little later as well. That means no security fixes or improvements. In this day and age of browser based attacks, that’s a security risk. Now I know that there’s a sizable install base out there for XP, but home users and business users alike cannot ignore that that support for this OS will be disappearing. Therefore you should start making plans to switch to a newer OS sooner rather than later.

Leave a comment »

Chrome Stores Passwords In Clear Text…. Is This An Issue?

Posted in Commentary with tags , on August 7, 2013 by itnerd

It seems that there might be a bit of an issue with password management inside the popular Chrome browser. The issue was discovered by Elliott Kember who promptly posted this in his blog along with a how to guide to replicate this. In short, passwords are viewable in plain text by anyone who has access to the computer. That is a complete #FAIL if I have ever seen one.

But the story doesn’t end there.

This started a back and forth between Kember and Justin Schuh, the head of Chrome security, not to mention a few other people. The bottom line: As far as Schuh is concerned, Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change.

Now I can look at this in a couple of ways:

  • The fact that Chrome stores passwords in a form that any user can see is nuts. Firefox at least has a master password that can keep this sort of info out of the hands of someone with access to the computer.
  • The flip side to the above is that you shouldn’t be storing passwords inside the browser as it is potentially no better then writing it down on a sticky note and posting it on your monitor. Sooner or later something or someone is going to access it and then go nuts at your expense.

So I ask you, is this an issue or not? Share your opinion by posting a comment below.

Leave a comment »

Google Releases Chromebook Pixel…. Don’t Bother Buying One

Posted in Commentary with tags , on February 22, 2013 by itnerd

The title sounds harsh, and it is. You’ll see why as we go along.

Google has released a laptop called the Chromebook Pixel which runs the Google Chrome OS. It looks hot, but I’d rate this a must pass. Why? It starts at $1300. Are you kidding me? That kind of money for a netbook? I can get a MacBook which is a real computer unlike this thing for that kind of money. 

#fail

It also only comes with 32GB of storage. Want more storage, unless you’re willing to pay for storing it on Google Drive and you want to be tethered to a net connection, you’re out of luck. Oh, I’ll point out the base MacBook Air comes with twice that storage for less money. And it’s a real computer.

#epicfail

Here’s the bottom line. If this were $300… Maybe $500 at the most, I might be interested. But at $1300 to start, it’s way overpriced. Do yourself a favour and ignore this completely. It’s not worth your time to even think about.

Google must seriously be smoking crack if they think they can sell any of these.

Leave a comment »

Chrome Hacked Again At Pwn2Own…. Time To Get A New Browser

Posted in Commentary with tags , , on March 14, 2012 by itnerd

Google must be regretting that they ever urged people to hack their browser for cash. Google Chrome was hacked again at Pwn2Own. An image of an axe-wielding pink pony was the mark of success for a hacker with the handle of Pinkie Pie. This hacker subtly tweaked Chromium’s sandbox design by chaining together three zero-day vulnerabilities.

So Google. Can you truly claim that your browser is more secure than other browsers out there? I don’t think so.

Leave a comment »

Chrome Got Pwned At Pwn2Own

Posted in Commentary with tags , , on March 7, 2012 by itnerd

It that time of the year again. No it’s not just Roll Up The Rim To Win time in Canada. It’s Pwn2Own time. And this year it took a grand total of five minutes to find out who the first victim was. It was the much lauded Google Chrome who claimed that their sandboxing technology made it safer than other browsers. I guess that can’t be considered to be true anymore. The ironic thing is that Google offered up $1 million to anyone who could hack their browser not too long ago. I’m guessing that Google has to pay up now.

I wonder how Google will respond to this? A bug fix isn’t enough. They have to explain why this happened. I for one can’t wait for their answer.

Leave a comment »

Google Chrome For Mac Declared “Stable” By Google [UPDATED]

Posted in Commentary with tags , , on May 25, 2010 by itnerd

If you’re a Mac user who’s wanted to try Google Chrome for Mac and didn’t want to play with one of the beta versions, today is your lucky day. Google has decided that Chrome is now “stable” according to this blog posting:

Today, I’m happy to announce that Google Chrome for Mac is being promoted out of beta to our stable channel. We believe that it provides not only the stability, performance and polish that every Mac user expects, but also a seamless native Mac application experience that Mac users will feel instantly at home with.

I’ll be downloading my copy shortly as I’ve been holding off using it until this sort of announcement appeared. Post your experiences with it to the comments section. I in turn will be posting an update after I have a chance to run it through its paces.

UPDATE: Tried it. Liked it. Rendering is FAST. You should try it and you might switch.

Leave a comment »

« Older Entries