A CHROME EXTENSION for developers has been hijacked to serve adware to its one-million-plus users.
Chris Pederick, the creator of Web Developer Chrome extension, warned users on Wednesday that some unknown hackers apparently phished his Google account, updated the extension to version 0.4.9, and pushed it out to its 1,044,000 users.
What's more, the plugin has access to everything that's happening on a user's browser and has the ability to intercept traffic and track keystrokes, which could be bad news for Web Developer users that access their professional accounts using Chrome.
Pederick said that, within six hours of the extension being compromised, it had been yanked from the Chrome store, and an update to version 0.5 has since been pushed out. Web Developer users are advised to update asap.
Users are also being warned that they should change their passwords for all web accounts used on the browser and to nullify login tokens and cookies used on websites they visited while using the infected extension.
News of the Chrome extension hijack comes just days after another Chrome add-on fell victim to unknown hackers.
Copyfish, which allows users to extract text from images, PDF documents and video and has more than 37,500 users, was compromised after one of the extension's developers fell victim to a phishing trick which saw him hand over his Copyfish credentials.
Although it took the devs a full day to realise what had happened, the issue has since been fixed. µ
Vulnerability targets hardware created by Infineon Technologies
Expect something commercial in 2019
Ex-employees say bugs were stolen and used in future attacks
Oreo flagship impresses with its market-leading camera and blazing-fast performance