Google already removed the popular add-on and even deactivated it on users’ computers. The Malicious Capabilities of The Great Suspender ExtensionĪccording to a GitHub post by Calum McConnell, the old maintainer of The Great Suspender most likely sold the extension to unknown parties with intent to exploit users in advertising fraud, tracking, etc. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. #TAB SUSPENDER SECURITY CODE#Īfter Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code running since November, and it does not appear to load the compromised script.
Tab suspender chrome malware update#
The malicious maintainer remains in control, however, and can introduce an update at any time. Well, they could until Google nuked the extension from their store, the researcher explained. The extension had more than two million installations. This simple tool has gained immense popularity and has been installed over 2,000,000 times. When the Developer mode is turned on, you will see an extended menu just below the Omnibar. Next, turn on the toggle beside the Developer mode. Once done, head over to the Chrome extensions page by typing chrome://extensions in the Omnibar.
Tab suspender chrome malware zip file#
The Great Suspender paused unused tabs in the browser and forcibly unloaded their resources to free up memory. Download the zip file from The Great Suspender fork GitHub repo and extract it. Its original purpose was to suspend tabs that aren’t in use and replace them with a blank grey screen before they were reloaded. The popular Chrome extension The Great Suspender contained malware and was therefore removed from the Chrome Web Store. The extension began behaving maliciously last November, resulting in Microsoft blocking it on its Edge browser. It appears that the original developer, Dean Oemcke, sold the extension in June last year, to an unknown party. Two new versions followed shortly after the purchase, released in Chrome Web Store. If you wish to continue using the extension with its original intent, you can download version 7.1.6 from GitHub. Note that you need to enable Chrome Developer mode in order to use it.
However, enabling the developer mode can have more consequences, as threat actors can abuse the Chrome sync feature to bypass firewalls and exfiltrate data. The new attack vector was discovered by security researcher Bojan Zdrnja. You can read more about his discovery in the technical write-up. Last year, security researchers reported a list of 295 malicious Chrome extensions that hijacked Google and Bing search results to inject ads. The extensions were installed by more than 80 million Chrome users.
0 kommentar(er)
