The Stylish extension used by many Mozilla Firefox and Google Chrome users has been removed from their plugin repositories due to security concerns. A dangerous privacy leak has been exposed by a blogger which reported that the plugin reports private user data to the company behind it.
Firefox and Google Chrome Repositories Remove Stylish Extension Citing Security Concerns
Stylish is one of the most popular extensions available for the most web browsers. It allows users to customize the look and feel of popular web services and sites. This is done by installing themes that can be freely downloaded from the Internet.
The exact reason why the extension was taken down by the web browser developers is asTO report by a specialist stating that the extension has been bundled with a spyware instance. This means that all users that have been using it since January 2017 have their private data harvested.
The Stylish extension has been acquired by SimilarWeb and according to the report they create and maintain profiles of the individual’s website interactions in a database. All users that have created accounts on the themes site will be linked to specific tracking cookies. All installed versions of it also created unique user identifiers, whether or not they have an active account. What this behavior means is that SimilarWeb will have a full copy of all web browser contents that can be tied to user accounts email address. This allows the extension operators to access the following data:
- Browser History
- Browser Bookmarks
- Browser Cookies
- Browser Settings
While the expert explicitly states that the browser histories are hijacked, the same code can be used to obtain copies of all other contained within data such as the above mentioned cookies, settings and even (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/stylish-extension-stole-browsing-history-chrome-firefox/