Ugh, the #chrome #extension ecosystem is exactly as bad as I'd expect.
And the fact extension is still up claiming not to collect any data even if it has been called out in one of the biggest security newsletters shows how much Google care about this (not much). The only thing they care about is pretending to ship AI features to detect malicious extensions. Because that's how you get promoted.
I mean is it even possible to report a suspicious or bad extension? I don't see anywhere
Great research by @WPalant and @c0m4r
And @campuscodi for putting the spotlight on it.
=> View attached media | View attached media
=> More informations about this toot | More toots from gnyman@infosec.exchange
@gnyman @WPalant @c0m4r @campuscodi if you install an extension (in a new profile in this case) and then uninstall it, there's a checkbox for reporting malware. Certainly not the most discoverable setup, and it requires that install.
=> More informations about this toot | More toots from david42@mastodon.online
@david42 @gnyman Have you ever heard of an extension being taken down after this? I suspect that it’s the same thing as https://support.google.com/chrome_webstore/answer/7508032?hl=en that various people pointed me to. You flag but you cannot even explain the issue. I don’t know what happens to the reports then, but I’ve never seen this do anything.
=> More informations about this toot | More toots from WPalant@infosec.exchange
@WPalant @gnyman I have no idea what happens to the reports or when. I'm sure something is done with them, eventually, given how Google operates internally.
=> More informations about this toot | More toots from david42@mastodon.online
text/geminiThis content has been proxied by September (ba2dc).