A Chrome extension designed for the taking and annotation of screenshots has been found to be leaking sensitive data from its 1.2 million users, reports SC Magazine.
The extension, named Web Screenshot, had been given a 4.5 rating from users, unaware that it contained code that was scraping personal data and sending it back to a central US server.
According to Softpedia, Web Screenshot used a sleep function so that the scraping code was not activated until a week after it had been downloaded, helping the extension to go under the radar and bypass Google's detection mechanisms. Once activated, the extension could read the titles of pages accessed through Chrome, including usernames and personal details included in this area by certain web and email services.
A spokesman for Webpage Screenshot told the BBC there was nothing malicious about its data gathering: "Instead, said the spokesman, it was used to understand who the extension's users were and where they were located to help drive development of the code." He added that users could opt out of data sharing.
Web Screenshot has since been removed from the Web Store, but the case highlights the difficulty of distinguishing between harmful and legitimate browser extensions, many of which are technically very similar.
Google recently promised a clean-up of its Chrome extensions, after the company received more than 100,000 complaints about malicious ad injectors in the first three months of this year. The search giant banned 192 extensions from its store initially, while promising to provide a full report from its investigation which will be released on May 1.
Until that time, users are advised to tidy up their browsers – Chrome or otherwise – by remembering these five top tips from our video, below;
Photo: Rose Carson / Shutterstock.com