If an extension goes rogue, everything you do in your browser is compromised
Graham Cluley writes:
One popular service which has its own Chrome browser extension is Mega.nz – the cloud-based file-sharing service founded by the shadowy larger-than-life figure of Kim Dotcom (he severed all ties with Mega three years ago.)
This week, as ZDNet reports, the official Chrome browser extension for Mega.nz was compromised with a malicious update.
User of the extension received an automatic update which requested more permissions, including the ability to “read and change all your data on the websites that you visit.” In all likelihood many users simply clicked through the warning.
That, of course, was a big mistake.
Read more on GrahamCluley.com.