2 min read

Better History Chrome extension goes rogue, hijacks browsers and displays ads

Graham CLULEY

April 05, 2016

Better History Chrome extension goes rogue, hijacks browsers and displays ads

A third-party Chrome extension, supposed to make management of your browsing history simpler, has been kicked out of the Chrome web store after users accused it of hijacking their browsing, fiddling with links and opening webpages displaying ads.

better-history-in-action

The Better History extension has been banned by Google, after users began to raise concerns that its behaviour had changed in recent weeks.

The first indication that something was afoot was when commenters on the project’s GitHub page noticed that the extension was requesting more permissions – namely to “Read and change all your data on the websites you visit” – and that the version available on the Chrome Web store was being updated, without updates being made to the code in the GitHub repository.

In other words, the extension was being changed to include more functionality – but it was tricky for typical users to identify what had been changed, and why.

Fortunately, some users were inquisitive and closely examined the new version of the Better History extension, discovering that it was redirecting clicks on HTTP links so that in 50% of the time it would display an additional webpage containing money-making ads. It was also possible for whoever was behind the extension to gather information on users and their online behaviour.

Other extensions were also named as sharing similar code – Chrome Currency Converter, Web Timer, User-Agent Switcher, 4chan Plus, and Hide My Adblocker.

With the level of concern raised, Better History and User-Agent History have been removed from the Chrome web store, and it’s possible that other extensions exhibiting the same behaviour will suffer the same fate.

extension-removed

As Softpedia reports, the extension’s original author Roy Kolak revealed that he had sold Better History “a month or two ago” to its new owners who had made the changes.

roy-kolak

Kolak went on to apologise for not informing users that the extension’s ownership had changed hands, and said he would email the user mailing list (which had not been sold) to tell them that the extension had been compromised.

The message is clear – you have to exercise caution about the browser extensions you load just as you would do with the software you install on your PC. Carefully consider the permissions that a browser extension requests, and if you are not comfortable – refuse them.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read