“But I checked the permissions before I installed this pop-up blocker, it said nothing about changing my searches,” my dad retorts after I scold him for installing yet another search-hijacking Chrome extension. Granted, they are not hard to remove, but having to do it over and over is a nuisance. This is especially true because it can be hard to find out which of the Chrome extensions is the culprit if the browser starts acting up.

Recently, we came across a family of search hijackers that are deceptive about the permissions they are going to use in their install prompt. This extension, called PopStop, claims it can only read your browsing history.

The install prompt in the webstore is supposed to give you accurate information about the permissions the extension you are about to install requires. It already is habit for browser extensions to only ask for permissions needed to function properly up front, then ask for additional permissions later on after installing. Why? Users are more likely to trust an extension with limited warnings or when permissions are explained to them.

But what is the use of these informative prompts if they only give you half the story? In this case, the PopStop extension doesn’t just read your browsing history, as the pop-up explains, but it also hijacks your search results.

Some of these extensions are more straightforward once the user installs them and they are listed under the installed extensions.

But others are consistent in their lies even after they have been installed, which makes it even harder to find out which one is responsible for the search hijack.

Google had at some point decided to bar extensions that obfuscate their code. By doing so, it’s easier for them to read the plug-in’s programming and conduct appropriate analysis.

The first step in determining what an extension is up to is in looking at the manifest.json file.

Registering a script in the manifest tells the extension which file to reference, and, optionally, how that file should behave.

What this manifest tells us is that the only active script is “background.js” and the declared permissions are “tabs” and “storage”.

The relevant parts in background.js are these pieces, because they show us where our searches are going:

const BASE_DOMAIN = '', pid = 9126, ver = 401 (, 10)

This script uses two chrome.tabs methods: One to create a new tab based on your search query, and the other to close the current tab. The closed tab would have displayed the search results from your default search provider.

“You can use most chrome.tabs methods and events without declaring any permissions in the extension’s manifest file. However, if you require access to the url, pendingUrl, title, or favIconUrl properties of tabs.Tab, you must declare the “tabs” permission in the manifest.”

And indeed, in the manifest of this extension we found:

"permissions": ,

The “storage” permission does not invoke a message in the warning screen users see when they install an extension. The “tabs” permission is the reason for the “Read your browsing history” message. Although the chrome.tabs API might be used for different reasons, it can also be used to see the URL that is associated with every newly-opened tab.

The extensions we found managed to avoid having to display the message, “Read and change all your data on the websites you visit” that would be associated with the “tabCapture” method. They did this by closing the current tab after capturing your search term and opening a new tab to perform the search for that term on their own site.

The “normal” permission warnings for a search hijacker would look more similar to this:

The end effect is the same, but an experienced user would be less likely to install this last extension, as they would either balk at the permission request or recognize the plug-in as a search hijacker by looking at these messages.

Some may say no, they simply didn’t offer the whole truth.
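A static check along the lines of the manifest.json and background.js review described in this article, as an added example that is not code from the article or from the extensions it analyses. The function name `auditExtension`, the sample manifest and the script fragment are constructed for illustration, and the property check assumes the script calls its tab object `tab`.

```javascript
// Added example, not code from the article or from any extension it analyses.
// Install-time warnings, limited to the two permissions the article covers.
const INSTALL_WARNINGS = new Map([
  ['tabs', 'Read your browsing history'],
  ['storage', null], // no warning shown at install
]);
// tabs.Tab properties the quoted Chrome documentation gates behind "tabs".
const GATED_TAB_PROPS = ['url', 'pendingUrl', 'title', 'favIconUrl'];

function auditExtension(manifestText, scripts) {
  const manifest = JSON.parse(manifestText);
  const permissions = manifest.permissions || [];
  const bg = manifest.background || {};
  // Manifest V2 lists background scripts; V3 names a single service worker.
  const active = bg.scripts || (bg.service_worker ? [bg.service_worker] : []);
  const source = active.map((name) => scripts[name] || '').join('\n');

  const calls = (m) => new RegExp(`chrome\\.tabs\\.${m}\\s*\\(`).test(source);
  // Assumption: the script names its tab object "tab".
  const readsProps = GATED_TAB_PROPS.filter((p) =>
    new RegExp(`\\btab\\.${p}\\b`).test(source));
  const warnings = permissions.map((p) => INSTALL_WARNINGS.get(p)).filter(Boolean);
  const unmapped = permissions.filter((p) => !INSTALL_WARNINGS.has(p));

  // Heuristic from the article: read the tab URL, open a new tab, close the old one.
  const searchRedirectSuspected = permissions.includes('tabs') &&
    readsProps.includes('url') && calls('create') && calls('remove');
  return { active, warnings, unmapped, readsProps, searchRedirectSuspected };
}

// Constructed sample input modelled on the article's description.
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'Constructed sample',
  manifest_version: 2,
  background: { scripts: ['background.js'] },
  permissions: ['tabs', 'storage'],
});
// Fragment only: just the calls the article names, arguments left abstract.
const SAMPLE_SCRIPTS = {
  'background.js': [
    'const term = termFrom(tab.url);',
    'chrome.tabs.create({ url: redirectUrl });',
    'chrome.tabs.remove(tab.id);',
  ].join('\n'),
};

console.log(auditExtension(SAMPLE_MANIFEST, SAMPLE_SCRIPTS));
```

A positive `searchRedirectSuspected` alongside a lone “Read your browsing history” warning is the mismatch the article describes; it is a prompt for manual review of the script, not a verdict.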