A CHROME EXTENSION for developers has been hijacked to serve adware to its one-million-plus users.
Chris Pederick, the creator of Web Developer Chrome extension, warned users on Wednesday that some unknown hackers apparently phished his Google account, updated the extension to version 0.4.9, and pushed it out to its 1,044,000 users.
What's more, the plugin has access to everything that's happening on a user's browser and has the ability to intercept traffic and track keystrokes, which could be bad news for Web Developer users that access their professional accounts using Chrome.
Pederick said that, within six hours of the extension being compromised, it had been yanked from the Chrome store, and an update to version 0.5 has since been pushed out. Web Developer users are advised to update asap.
Users are also being warned that they should change their passwords for all web accounts used on the browser and to nullify login tokens and cookies used on websites they visited while using the infected extension.
News of the Chrome extension hijack comes just days after another Chrome add-on fell victim to unknown hackers.
Copyfish, which allows users to extract text from images, PDF documents and video and has more than 37,500 users, was compromised after one of the extension's developers fell victim to a phishing trick which saw him hand over his Copyfish credentials.
Although it took the devs a full day to realise what had happened, the issue has since been fixed. µ
Patch? Patchy more like
Slurped surveillance info includes location data and social groups
Flagship can be picked up in Blighty from £649
Chronical unearths threat while probing Bayer cyberattack