• 欢迎访问高洁博客,我们专注于源码分享!

[技术分享] Chrome 正在监视你,部分插件有后门

其他 高洁 3个月前 (06-22) 112次浏览 0个评论

在 Twitter 上看到 Chrome Web Store 中有多达 111 个扩展秘密收集用户敏感数据,而它们被总计下载了 3296 万次,Google 官方已经将其下架。这些恶意扩展被发现会收集屏幕截图、设备剪贴板内容,用户登陆网站的浏览器 Cookies,密码等按键。绝大部分扩展都是模块化的,安装之后可以用可执行文件进行更新。

各位聚聚可以按照如下步骤操作看看自己有没有中招。

1.在 Chrome 中输入 chrome://extensions/ 打开扩展程序页面

2.在该页面按下F12,在Console 控制台中运行以下代码,回车,为无风险,为风险项

https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt
malicious = [
  "acmnokigkgihogfbeooklgemindnbine",
  "apgohnlmnmkblgfplgnlmkjcpocgfomp",
  "apjnadhmhgdobcdanndaphcpmnjbnfng",
  "bahkljhhdeciiaodlkppoonappfnheoi",
  "bannaglhmenocdjcmlkhkcciioaepfpj",
  "bgffinjklipdhacmidehoncomokcmjmh",
  "bifdhahddjbdbjmiekcnmeiffabcfjgh",
  "bjpknhldlbknoidifkjnnkpginjgkgnm",
  "blngdeeenccpfjbkolalandfmiinhkak",
  "ccdfhjebekpopcelcfkpgagbehppkadi",
  "cceejgojinihpakmciijfdgafhpchigo",
  "cebjhmljaodmgmcaecenghhikkjdfabo",
  "chbpnonhcgdbcpicacolalkgjlcjkbbd",
  "cifafogcmckphmnbeipgkpfbjphmajbc",
  "clopbiaijcfolfmjebjinippgmdkkppj",
  "cpgoblgcfemdmaolmfhpoifikehgbjbf",
  "dcmjopnlojhkngkmagminjbiahokmfig",
  "deiiiklocnibjflinkfmefpofgcfhdga",
  "dipecofobdcjnpffbkmfkdbfmjfjfgmn",
  "dopkmmcoegcjggfanajnindneifffpck",
  "dopmojabcdlfbnppmjeaajclohofnbol",
  "edcepmkpdojmciieeijebkodahjfliif",
  "ekbecnhekcpbfgdchfjcfmnocdfpcanj",
  "elflophcopcglipligoibfejllmndhmp",
  "eogfeijdemimhpfhlpjoifeckijeejkc",
  "fcobokliblbalmjmahdebcdalglnieii",
  "fgafnjobnempajahhgebbbpkpegcdlbf",
  "fgcomdacecoimaejookmlcfogngmfmli",
  "fgmeppijnhhafacemgoocgelcflipnfd",
  "fhanjgcjamaagccdkanegeefdpdkeban",
  "flfkimeelfnpapcgmobfgfifhackkend",
  "fmahbaepkpdimfcjpopjklankbbhdobk",
  "foebfmkeamadbhjcdglihfijdaohomlm",
  "fpngnlpmkfkhodklbljnncdcmkiopide",
  "gdifegeihkihjbkkgdijkcpkjekoicbl",
  "gfcmbgjehfhemioddkpcipehdfnjmief",
  "gfdefkjpjdbiiclhimebabkmclmiiegk",
  "ggijmaajgdkdijomfipnpdfijcnodpip",
  "ghgjhnkjohlnmngbniijbkidigifekaa",
  "gllihgnfnbpdmnppfjdlkciijkddfohn",
  "gmmohhcojdhgbjjahhpkfhbapgcfgfne",
  "gofhadkfcffpjdbonbladicjdbkpickk",
  "hapicipmkalhnklammmfdblkngahelln",
  "hijipblimhboccjcnnjnjelcdmceeafa",
  "hmamdkecijcegebmhndhcihjjkndbjgk",
  "hodfejbmfdhcgolcglcojkpfdjjdepji",
  "hpfijbjnmddglpmogpaeofdbehkpball",
  "ianfonfnhjeidghdegbkbbjgliiciiic",
  "ibfjiddieiljjjccjemgnoopkpmpniej",
  "inhdgbalcopmbpjfincjponejamhaeop",
  "iondldgmpaoekbgabgconiajpbkebkin",
  "ipagcbjbgailmjeaojmpiddflpbgjngl",
  "jagbooldjnemiedoagckjomjegkopfno",
  "jdheollkkpfglhohnpgkonecdealeebn",
  "jfefcmidfkpncdkjkkghhmjkafanhiam",
  "jfgkpeobcmjlocjpfgocelimhppdmigj",
  "jghiljaagglmcdeopnjkfhcikjnddhhc",
  "jgjakaebbliafihodjhpkpankimhckdf",
  "jiiinmeiedloeiabcgkdcbbpfelmbaff",
  "jkdngiblfdmfjhiahibnnhcjncehcgab",
  "jkofpdjclecgjcfomkaajhhmmhnninia",
  "kbdbmddhlgckaggdapibpihadohhelao",
  "keceijnpfmmlnebgnkhojinbkopolaom",
  "khhemdcdllgomlbleegjdpbeflgbomcj",
  "kjdcopljcgiekkmjhinmcpioncofoclg",
  "kjgaljeofmfgjfipajjeeflbknekghma",
  "labpefoeghdmpbfijhnnejdmnjccgplc",
  "lameokaalbmnhgapanlloeichlbjloak",
  "lbeekfefglldjjenkaekhnogoplpmfin",
  "lbhddhdfbcdcfbbbmimncbakkjobaedh",
  "ldoiiiffclpggehajofeffljablcodif",
  "lhjdepbplpkgmghgiphdjpnagpmhijbg",
  "ljddilebjpmmomoppeemckhpilhmoaok",
  "ljnfpiodfojmjfbiechgkbkhikfbknjc",
  "lnedcnepmplnjmfdiclhbfhneconamoj",
  "lnlkgfpceclfhomgocnnenmadlhanghf",
  "loigeafmbglngofpkkddgobapkkcaena",
  "lpajppfbbiafpmbeompbinpigbemekcg",
  "majekhlfhmeeplofdolkddbecmgjgplm",
  "mapafdeimlgplbahigmhneiibemhgcnc",
  "mcfeaailfhmpdphgnheboncfiikfkenn",
  "mgkjakldpclhkfadefnoncnjkiaffpkp",
  "mhinpnedhapjlbgnhcifjdkklbeefbpa",
  "mihiainclhehjnklijgpokdpldjmjdap",
  "mmkakbkmcnchdopphcbphjioggaanmim",
  "mopkkgobjofbkkgemcidkndbglkcfhjj",
  "mpifmhgignilkmeckejgamolchmgfdom",
  "nabmpeienmkmicpjckkgihobgleppbkc",
  "nahhmpbckpgdidfnmfkfgiflpjijilce",
  "ncepfbpjhkahgdemgmjmcgbgnfdinnhk",
  "npaklgbiblcbpokaiddpmmbknncnbljb",
  "npdfkclmbnoklkdebjfodpendkepbjek",
  "nplenkhhmalidgamfdejkblbaihndkcm",
  "oalfdomffplbcimjikgaklfamodahpmi",
  "odnakbaioopckimfnkllgijmkikhfhhf",
  "oklejhdbgggnfaggiidiaokelehcfjdp",
  "omgeapkgiddakeoklcapboapbamdgmhp",
  "oonbcpdabjcggcklopgbdagbfnkhbgbe",
  "opahibnipmkjincplepgjiiinbfmppmh",
  "pamchlfnkebmjbfbknoclehcpfclbhpl",
  "pcfapghfanllmbdfiipeiihpkojekckk",
  "pchfjdkempbhcjdifpfphmgdmnmadgce",
  "pdpcpceofkopegffcdnffeenbfdldock",
  "pgahbiaijngfmbbijfgmchcnkipajgha",
  "pidohlmjfgjbafgfleommlolmbjdcpal",
  "pilplloabdedfmialnfchjomjmpjcoej",
  "pklmnoldkkoholegljdkibjjhmegpjep",
  "pknkncdfjlncijifekldbjmeaiakdbof",
  "plmgefkiicjfchonlmnbabfebpnpckkk",
  "pnciakodcdnehobpfcjcnnlcpmjlpkac",
  "ponodoigcmkglddlljanchegmkgkhmgb",
];

document
  .querySelector("extensions-manager")
  .shadowRoot.querySelector("cr-view-manager extensions-item-list")
  .shadowRoot.querySelectorAll("extensions-item")
  .forEach((item) => {
    const name = item.shadowRoot.querySelector("#name").innerText;
    if (malicious.includes(item.id)) {
      console.log("❌", item.id, name);
    } else {
      console.log("✅", item.id, name);
    }
  });

3.删除提示风险的插件

我检查了下自己装的插件,没有问题。不少人在网上反馈中招了,而且目前还没有太好的解决方案。如果真有中招的,建议暂停使用自己安装的 Chrome ,先换 Microsoft Edge 使用一阵子吧。说实在的,现在市面上的各种数据隐私解决方案都过于复杂了,用户的使用门槛都很高,大家索性对这块就放任不顾了。世界上最大的 DNA 数据库、最大的面部数据库、最大的数字户籍体系…… 还有很多。


免责声明:本站的资源均来自于互联网,仅为资源共享、学习参考之目的,其版权均归原作者及其网站所有,如有侵权请留言联系。
喜欢 (2)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址