Interesting: Popular screenshot tool removed from Chrome ext store and marked as malware
Chrome actually killed the extension very recently even though another author uploaded a previous version of it in the past days.
The stats that the plugin had: https://chrome-stats.com/d/haiidfhfnmfmicpakjjkibpcdoolnbbo , 330K~ users.
Looking at the code it seems a large part of the background.bundle.js has nothing to do with the actual functionality of the plugin. It does call home (authors URL) to download an identifier that seems to be used for mixpanel analytics.
But then it does have a few requests functions that seems very familiar to what I notice on the Video Downloader professional plugin case. I found @joepie91 analysis (https://gist.github.com/joepie91/fa55c936438bab8bb977e008e8be82f2) of that code and is where I only was able to match some of the logic of the background.bundle.js.
What I find amusing is that Chrome Webstore just removes the extension and doesn't publish a note for users to let them know what happened.
The screenshot functionality seems to be in the others JS files and that looks legit.
In my opinion Chrome should step up their game when it comes to letting random authors publish extensions. I do understand why the App Store (Apple) is so strict, I almost which Google was that strict.
Nowadays looking at the popular Plugins and looking at the amount of downloads and reviews doesn't seem enough to trust an app. Imagine having to inspect the code all the time.
In reality browsers are better off without plugins.
Comments
The screenshot key is all I need for screenshots.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
I believe this plugin had the ability to scroll the page and screenshot long pages and unify the shots.
If one needs that kind of screenshot, he needs help.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
You can do that without a Chrome Extension.
I can imagine web designers finding this useful.
@Mew for sure.
Just sharing the news, maybe other developers that like to do research might find this interesting.
It happens all the time, unfortunately. I used Nano Defender for a long time until it served malware after an acquisition.
Not really, it's just a review problem. Google certainly could review all of the popular plugins (which are the likely targets of malicious acquisitions and such), they just choose not to. Unlike Mozilla, which does actually review popular Firefox extensions for malicious code.
Edit: And this fits in a theme of Google being bizarrely obsessed with automation, to the point of refusing to put a human in the loop anywhere if it is at all avoidable. It's the same reason they provide zero customer support outside of a few places where they would have literally no customers if they did that.