Over 500 Chrome Extensions Secretly Uploaded Private Data | WIRED
More than 500 browser extensions downloaded millions of times from Google's Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.
The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations.
