Chocolate Factory stays silent as infosec bods reveal badness
A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address.
ScrapeSentry credits its researchers with uncovering "a sinister side-effect to a free app [...] which potentially leaks [users'] personal information back to a single IP address in the USA".
Martin Zetterlund, one of ScrapeSentry's founders, told The Register that the extension's malicious functions would have been difficult to recognise through an automated auditing service because the sneaky developer had ensured this functionality is not downloaded until seven days after being installed..
ScrapeSentry analysed the dodgy Chrome extension last week and submitted its findings to Google.
