EditThisCookie is a specialized extension for Google Chrome that you may use to edit cookie data stored by the browser. I mentioned it back in 2015 here on Ghacks.
The extension, with over 3 million users and 11,000 ratings, has been removed from the Chrome Web Store. What Google has not removed is a copycat extension, first called EditThisCookies and now EditThisCookie®, which is malicious.
When you try to launch the Chrome Web Store address of the legitimate extension, you get the “This item is not available” error message. The page of the fake extension is still up (not linked, because it is malicious).
Eric Parker, known for his malware investigations, analyzed the malicious extension in a YouTube video.
The extension had 30,000 users at the time the video was published on YouTube. Today, it sits at more than 50,000 users.
Parker installed the extension on a test system and discovered several anomalies. These include:
- A fake website for the fake extension.
- Obfuscated code.
- Information stealing code, especially when on Facebook.
- Phishing.
- Advertising code.
The researcher did not find code to exfiltrate cookie data, which means that session cookies are not touched by the analyzed version of the extension.
With automatic extension updates enabled by default in Chrome, there is a chance that additional spyware or malware capabilities are added via updates.
Chrome and Chromium users may want to check the list of installed extensions to see if the fake one is installed on their devices.
Just load chrome://extensions/ in the browser’s address bar to get a list of all user-installed extensions. If you see EditThisCookies or EditThisCookie®, then you have the fake one installed. Remove it immediately in that case.
An alternative is Cookie Editor.
Good to know: our guide on verifying Chrome extensions.
Closing Words
The fate of the original popular cookie editing extension for Chrome is unclear at this stage.
A check on the legitimate’s extension presence on GitHub suggests that it may have something to do with missing Manifest V3 support. The extension appears to have been unavailable since at least July 2024.
While it would make for a great headline, that Google removed the wrong extension, it seems more likely that the legitimate extension was removed because it does not support the new extensions ruleset for Chrome.
Google’s web store had and still has a massive copyat extension problem. Back in 2015 and 2017, I noticed that the store hosted numerous “uBlock” extensions. All of them, with the exception of uBlock Origin, were copycats.
Expect more copycats of extensions that are not updated from the old extensions manifest to the new in the near future.
What is your take on this? Do you vet Chrome extensions before installation?
Summary
Article Name
Google Chrome: legit EditThisCookie extension removed instead of malicious copycat
Description
EditThisCookie, an extension with over 3 million users, is no longer available on the Chrome Web Store. Its fake copycat is, however. Here is what happened.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Advertisement
Source link
lol
