A major security issue has been discovered in a number of browser extensions for both Firefox and Chrome. These browser extensions are harvesting your data, and you should remove them immediately.
The extensions are collecting massive amounts of very personal data from people’s web browsers, and selling this data on to third parties. The leak is so serious that it has been termed “catastrophic,” and it’s affecting both companies and individuals alike.
The Browser Extensions You Need to Uninstall
The extensions affected by this vulnerability are available for both Chrome and Firefox, as well as Chromium-based browsers such as Opera and Yandex Browser. And it doesn’t matter what operating system you’re using, whether Windows, macOS, Chrome OS, or even a Linux distribution like Ubuntu: if you have these extensions installed in your browser, they ARE stealing your data.
The affected Firefox extensions are as follows:
- SaveFrom.net Helper
- FairShare Unlock
And the affected Chrome extensions include two of the same, plus a number of others:
- FairShare Unlock
- Hover Zoom
- Branded Surveys
- Panel Community Surveys
Of these, both SpeakIt! and FairShare Unlock have more than one million users worldwide. So there are plenty of people who are at risk from this security vulnerability.
It’s worth checking whether your browser could be syncing your extensions as well. For example, if you have sync enabled on Google Chrome, your extensions may be mirrored between all the machines you use. This means an infection can spread from your home computer to your work computer.
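A quick way to check every machine your profile syncs to is to audit the profile directories directly for the names listed above. The script below is an added example written for this article, not a tool from the researcher or any browser vendor; it assumes Chrome stores one manifest.json per installed extension under Extensions/<id>/<version>/ and that Firefox records its add-ons in extensions.json.

```python
"""Audit a Chrome or Firefox profile for the extensions the article names.
Assumed (not from the article): Chrome keeps one manifest.json per extension
under <profile>/Extensions/<id>/<version>/; Firefox lists add-ons in
<profile>/extensions.json under an "addons" array."""
import json
from pathlib import Path

# Names from the article's lists; matched case-insensitively after trimming.
FLAGGED_NAMES = {
    "savefrom.net helper", "fairshare unlock", "hover zoom",
    "branded surveys", "panel community surveys", "speakit!",
}

def resolve_chrome_name(manifest, messages=None):
    """Chrome manifests may give the name as a __MSG_key__ placeholder that
    is resolved from _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__") and messages:
        key = name[len("__MSG_"):-len("__")]
        name = messages.get(key, {}).get("message", name)
    return name

def firefox_names(extensions_json):
    """Display names of enabled extensions from a parsed extensions.json."""
    return [a.get("defaultLocale", {}).get("name", "")
            for a in extensions_json.get("addons", [])
            if a.get("type") == "extension" and a.get("active", True)]

def flag_names(names):
    """Installed names that appear on the article's list, sorted."""
    return sorted({n for n in names if n.strip().lower() in FLAGGED_NAMES})

def audit_chrome_profile(profile_dir):
    """Walk a Chrome profile directory and return flagged extension names."""
    names = []
    for manifest_path in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        locale = manifest.get("default_locale", "en")
        msg_path = manifest_path.parent / "_locales" / locale / "messages.json"
        messages = json.loads(msg_path.read_text(encoding="utf-8")) if msg_path.exists() else None
        names.append(resolve_chrome_name(manifest, messages))
    return flag_names(names)

def audit_firefox_profile(profile_dir):
    """Read a Firefox profile's extensions.json and return flagged names."""
    path = Path(profile_dir, "extensions.json")
    if not path.exists():
        return []
    return flag_names(firefox_names(json.loads(path.read_text(encoding="utf-8"))))
```

Run it against each synced profile directory; an empty result means none of the listed names is installed, though a renamed or forked copy of an extension would not be caught by a name match.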
What Data Are These Extensions Collecting?
The sheer volume and variety of data that is vulnerable to this issue is scary. If you install any of these extensions in your browser, they could collect information on you such as:
- Credit card information
- Personal interests
- GPS location
- Tax returns
- Travel itineraries
- Genetic profiles
If you install the extensions on a computer at your workplace, they could also collect information about your company, including company memos, firewall access codes, API keys, and more.
This information is hoovered up by the browser extensions. It is then sold on by a company which specializes in data analytics.
How the Extensions Collecting Your Data Work
Some of the extensions which collect data do mention what they are doing in their terms and conditions. In the fine print there are sometimes warnings that an extension will collect browsing data.
However, most users do not read terms and conditions. And it seems likely that they would not agree to hand over so much of their data if they knew about it.
Sam Jadali, the security researcher who discovered the data leak, named it “DataSpii”. Even security measures like authentication or encryption cannot prevent this issue. It works by using browser application programming interface (API) functions which do have legitimate uses. But in this case the API functions are used maliciously.
To avoid detection, the extensions use clever obfuscation techniques like waiting 24 hours after installation before data siphoning begins. This means that even if users examine an extension carefully after installing it, they would not spot the nefarious behavior, as it would not begin until one day later.
Further, even if a user uninstalled an extension, their data would still be held by the extension and could be sold on to a third party.
What Information Sources Are These Extensions Leaking?
The main way these extensions collect information is through shared links. For example, say you are setting up a Skype meeting. You would email a link to the people you want to meet with. Then they click the link to join your meeting.
If you have one of these browser extensions installed, it can intercept that link. When you open a link in your web browser, the extension is able to see your actions. The extension can then even eavesdrop on your meeting. The same thing can happen with other conferencing software like Zoom.
Another scary source of data leaks is ancestry sites like 23andMe. When you are given a 23andMe report on your DNA, the company sends you a link allowing you to share your results with friends and family. If you click this link then the browser extensions can intercept this page too, collecting information on your family DNA and even biomedical data such as your muscle composition.
A similar data leak can also occur in all sorts of other situations, like when you visit your Apple iCloud account, when you place an order with Apple.com, or when you use the web interface for your Nest surveillance videos. If you use online accountancy services like Quickbooks then the extensions can gather data about your taxes too.
Why It’s Hard to Protect Against These Data Leaks
As the extensions can spy on users through the use of shared links, one person with a compromised browser can inadvertently compromise their friends, family, and colleagues as well.
This makes it very hard for companies and individuals to protect against this kind of data leak. If someone you know has installed one of these extensions and they share a link or a Skype call with you, your data could be compromised even if you have never installed the extension yourself.
As Jadali said in his report on DataSpii:
“Even the most responsible individuals proved vulnerable to DataSpii; with vast budgets and myriad experts on hand, even the largest cybersecurity corporations proved vulnerable to DataSpii. Our data is only as secure as those with whom we entrust it.”
Be Careful When Installing Browser Extensions
This incident demonstrates why you need to be careful when installing browser extensions. Because even an extension that looks harmless could be hiding malicious code or stealing your data.
For this reason, make sure to research the reliability of a browser extension before installing it. Even a quick Google search should help. And here are some popular Firefox extensions you should remove right now to help you get started.