Browser extensions are meant to help users in several ways. However, a recent finding by San Francisco-based security researcher Robert Heaton is worrying. Stylish, a popular extension for Google Chrome and Mozilla Firefox, was found to have been recording everything its users did online since January 2017, after it was sold to SimilarWeb.
According to a report by Alphr, the extension is designed to let users customize how webpages appear in their browsers, but it has been hijacked by spyware. Over 1.8 million users across the world use the extension, and it is likely that it has been recording the browsing history of all of them.
User data could be hacked
What's worse, the browsing data could be linked to users' personal details, making them identifiable and vulnerable to blackmailers and hackers.
Mr. Heaton wrote on his blog, "It only takes one tracking request containing one session cookie to permanently associate a user account with a Stylish tracking identifier. This means that Stylish and SimilarWeb still have all the data they need to connect a real-world identity to a browsing history, should they or a hacker choose to."
He claims that Stylish sends a user's entire browsing activity to its servers along with a unique identifier. This includes Google search results in the browser. With this information, SimilarWeb connects users with all their online activity. In addition to having a copy of each user's complete browsing history, SimilarWeb also has other data such as the user's email address and identity.
In his blog, Robert claims that he noticed a massive number of requests going to api.userstyles.org, with URLs encoded in Base64, which is easy to decode. Decoding them, he found a lot of session data and browser data that had been sent to the company's servers.
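
The check described above can be run over a proxy or browser request log to spot this pattern. The following is an added example, not code from the researcher's blog or from the extension: it flags request parameters that Base64-decode to text containing browsed URLs. The sample log, the request path and the parameter names are constructed placeholders; only the host api.userstyles.org comes from the report.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'&]+")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")  # standard or URL-safe alphabet

def decode_b64_text(value):
    """Return the decoded text if value is Base64 of printable UTF-8, else None."""
    if not B64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(padded.replace("-", "+").replace("_", "/"), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # random tokens and binary blobs end up here
    return text if text.isprintable() else None

def find_leaked_urls(request_url):
    """Return [(param, url), ...] for parameters whose Base64 payload hides a URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(request_url).query, keep_blank_values=True):
        text = decode_b64_text(value)
        if text:
            hits += [(name, u) for u in URL_RE.findall(text)]
    return hits

def scan(request_urls):
    """Map destination host -> browsed URLs found hidden in its request parameters."""
    report = {}
    for req in request_urls:
        for _, leaked in find_leaked_urls(req):
            report.setdefault(urlsplit(req).hostname, []).append(leaked)
    return report

def constructed_sample():
    """Constructed log entries; path and parameter names are placeholders."""
    hidden = b"url=https://www.google.com/search?q=constructed+query&id=CONSTRUCTED-TRACKING-ID"
    blob = quote(base64.b64encode(hidden).decode(), safe="")
    noise = quote(base64.b64encode(bytes(range(200, 224))).decode(), safe="")
    return [
        "https://api.userstyles.org/PLACEHOLDER-PATH?data=" + blob,  # hides a URL
        "https://cdn.example.com/asset?token=" + noise,              # opaque binary token
        "https://www.example.com/style.css?v=1.2.3",                 # ordinary parameter
    ]

if __name__ == "__main__":
    for host, urls in scan(constructed_sample()).items():
        print(host, "received", urls)
```

A host that shows up in this report for many unrelated sites a user visited is receiving browsing history, whichever extension or script is sending it.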