Saturday February 22, 2020
Home Lead Story Chrome, Firef...

Chrome, Firefox Browser Extensions Leaked Millions of Users’ Data: Report

The security expert has suggested users to delete all browser extensions they have installed in the past

0
//
zoutons
Google Chrome. Pixabay

Popular browser extensions like ad blockers have been caught harvesting personal data of millions of consumers who use Chrome and Firefox — not only their browsing histories but also exposing tax returns, medical records, credit card information and other sensitive data in the public domain.

According to an independent cyber security researcher Sam Jadali, the data has been leaked to a fee-based company called Nacho Analytics that gives unlimited access to any websites analytics data.

The data could be purchased for as little as $10 to $50, said Jadali whose report was first described in Ars Technica late on Friday.

“This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.

“Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services” have been exposed, said the report.

The exposed data via eight browser extensions also include vehicle identification, numbers of recently bought automobiles, along with the names and addresses of the buyers.

Patient details, travel itineraries, Facebook Messenger attachments and Facebook photos, even private, are now available in the public domain.

Browser extensions – also known as plug-ins or add-ons – are apps that consumers can install to run alongside their browser for additional functionality.

Firefox, Logo, Mozilla
Mozilla, the maker of Open Source browser Firefox, has released a new Firefox family of logos. Pixabay

The affected extensions were apps used by millions of people, including HoverZoom, SpeakIt!, and FairShare Unlock.

“The extensions have been remotely removed or disabled in consumers’ browsers and are no longer available for download,” said both Google and Firefox.

People who didn’t download the extensions may also be affected.

“Nobody is immune to this. Even if you don’t have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them,” Jadali was quoted as saying.

Also Read: Researchers Develop AI-driven System to Curb ‘Deepfake’ Videos

Nacho Analytics, for example, promises to let people “see anyone’s analytics account” and to provide “real-time web analytics for any website”.

The company charges $49 per month, per domain, to monitor any of the top 5,000 most widely-trafficked websites.

The security expert has suggested users to delete all browser extensions they have installed in the past. (IANS)

Next Story

Google to Remove Third-Party Cookies on Chrome Browser

Google to phase out third-party cookies from Chrome

0
Google
Google announced a new initiative (known as Privacy Sandbox) to develop a set of open standards to fundamentally enhance privacy on the web. Pixabay

Google has announced to phase out support for third-party cookies in Chrome browser within the next two years.

The tech giant in August last year announced a new initiative (known as Privacy Sandbox) to develop a set of open standards to fundamentally enhance privacy on the web.

“After initial dialogue with the web community, we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete,” the company said in a statement.

Google
Google has announced to phase out support for third-party cookies in Chrome browser. Pixabay

Google said once these approaches have addressed the needs of users, publishers, and advertisers, and it has developed the tools to mitigate workarounds, “it plans to phase out support for third-party cookies in Chrome”.

“Our intention is to do this within two years. But we cannot get there alone, and that’s why we need the ecosystem to engage on these proposals. We plan to start the first origin trials by the end of this year, starting with conversion measurement and following with personalization,” said Google.

Users today are demanding greater privacy — including transparency, choice and control over how their data is used. The web ecosystem needs to evolve to meet these increasing demands.

Chrome will also limit insecure cross-site tracking, starting in February, by treating cookies that don’t include a ‘SameSite’ label as first-party only, and require cookies labelled for third-party use to be accessed over HTTPS.

Also Read- CAA is Just Bad for India, Says Microsoft CEO Satya Nadella

“We are looking to build a more trustworthy and sustainable web together, and to do that we need your continued engagement. We encourage you to give feedback on the web standards community proposals via GitHub and make sure they address your needs,” said Justin Schuh, Director, Chrome Engineering.

Chrome’s competitors like Mozilla’s Firefox, have taken on third-party cookies in a big way. (IANS)