Sign in / up

back to article What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out

Back in November, 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious. Around that time, Google was made aware of these concerns and looked into the situation. The Register understands that the unidentified maintainer of the project subsequently resubmitted the extension without the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    They go after the older weaker members of the herd

    Had a shock a couple of days ago, building up software on a new PC. Moving through the list of stuff on the old one, came to BitTorrent, and installed the latest. What a nest of mebbe-malware! Took me three hours to be sure I'd neutralized it.

    I think indeed that the ownership has moved on to some group of malware vendors. And from the lack of too many negative reports (there are a few) I think that it is just that everyone these days is installing one of the many many other torrent wranglers. Thus the product's near-automatic updates to rotten-ware are only happening to older installs? It was a night-and-day difference to me, but how many other people wouldn't even notice?

    Isn't there a clearing house for "this product has gone bad!" ?

    29 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Circle of Life... or Arms Race...

      'Isn't there a clearing house for "this product has gone bad!" ?'

      Soon to be followed by "Isn't there a product for 'this clearing house has gone bad!'?".

      25 0 Reply
    2. katrinab Silver badge
      Reply Icon
      Unhappy

      Re: They go after the older weaker members of the herd

      That clearing house would be Anti-Virus software, however, many examples of that breed do more harm than good.

      11 0 Reply
    3. Henry Wertz 1 Gold badge
      Reply Icon

      Re: They go after the older weaker members of the herd

      Not to turn this into a Linux plug, but I have not had that problem with my Linux distros, besides there being free and open source versions of almost everything... the commercial softwares that accumulate extra junk in the Windows version installer, the Linux version has zero additional software. Strictly speaking, there's no technical reason for this, they seem to have just de-facto decided that Windows users will put up with it while Linux users will not.

      Even the infamous RealPlayer from years past, which I heard got quite bad in the Windows version (i.e. lots of extra software, and intentionally confusing stuff like you go and uncheck all the boxes, but a few unchecking means you *do* install the extra software), the Linux version was RealPlayer and only RealPlayer up to the end.

      8 6 Reply
      1. SuperGeek
        Reply Icon

        Re: They go after the older weaker members of the herd

        It's obvious. Windows has a MUCH larger market share and user base in the home sector, so dodgy adware spreads faster.

        Not rocket science, really.

        9 5 Reply
      2. Roland6 Silver badge
        Reply Icon

        Re: They go after the older weaker members of the herd

        >Not to turn this into a Linux plug

        So Chrome on Linux doesn't support Chrome extensions such as this one then?

        4 0 Reply
        1. PeteA
          Reply Icon
          Unhappy

          Re: They go after the older weaker members of the herd

          Straw man - the "Linux plug" was in response to a comment relating to the installation of native software:

          Had a shock a couple of days ago, building up software on a new PC. Moving through the list of stuff on the old one, came to BitTorrent, and installed the latest.

          Irrespective of operating system, browser or other specific technology choices though, the fundamental issue is one of untrusted code execution; specifically, _who_ do we trust? Can I trust my hardware (particularly the firmware) at all? If so, then do I trust the operating system - even if it was pre-installed by the vendor (think Android) together with a bunch of arbitrary software of their choice? How about when I choose some ${package} for the software I'm developing as a convenience utility?

          The reality is that at some point you have to trust your supplier. I don't claim to have a good answer for the core problems, though I do like the kubeos ideas. Given that I'm a reasonably experienced "IT professional" without a watertight solution, and in the context of the article; is it truly reasonable to expect "average users" to be able to make an informed decision about what they install from an apparently-supplier-sanctioned source (the Chrome web store)?

          If the answer is "No, an average user cannot be expected to make an informed choice" then there is a consequential burden on the supplier to do so on their behalf. Apparently, in this case, they have fallen short because the black-hats have found a loophole in the decision-making progress and are ahead for a while. Unfortunately, Google appear to have chosen the Boeing strategy of denying this and working to close the hole.

          3 0 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: They go after the older weaker members of the herd

          Linux is a virus

          0 1 Reply
    4. CountCadaver Silver badge
      Reply Icon

      Re: They go after the older weaker members of the herd

      Qbittorrent is my current go to, small, no cruft (that I've noticed that is)

      8 0 Reply
      1. fobobob
        Reply Icon

        Re: They go after the older weaker members of the herd

        +1 - also rtorrent if you like ncurses.

        2 0 Reply
        1. pc-fluesterer.info
          Reply Icon
          Linux

          rtorrent is Unix (Linux) only

          +1, but rtorrent is Linux only. Which shows that you are on the same wave I am. :-)

          1 0 Reply
    5. cyberdemon Silver badge
      Reply Icon
      Coat

      Easy solution: Build everything from source!

      Run Slackware! Review the source of all packages line by line before you compile them from source! Throw out those binary blobs! Shun your Broadcom and your NVidia, and your Intel backdoored silicon, run it all on OpenSPARC on an FPGA! You will be immune from all bait-and-switch attacks.

      What do you mean it's slow and it doesn't work?? :(

      10 2 Reply
      1. jelabarre59
        Reply Icon

        Re: Easy solution: Build everything from source!

        You mean you can't run Linux on the Commander X16?

        0 0 Reply
    6. Doctor Syntax Silver badge
      Reply Icon

      A clearing house for "this product has gone bad!"

      That's the optimists' version. How about a clearing house for "this product hasn't yet gone bad"?

      1 0 Reply
  2. Blackjack Silver badge

    Who still uses extensions in Chrome anyway?

    It has been know for years they have just been getting worse and that was before Google decided to make changes to Chrome that makes most extensions useless.

    I stopped using Chrome years ago and if Firefox dies I am screwed because I use both Icecat and Seamonkey.

    Seamonkey is also the only modern browser that still has a up to date 32 bit version as far as I know.

    5 8 Reply
    1. skalamanga
      Reply Icon

      Re: Who still uses extensions in Chrome anyway?

      Plenty of chrome extensions work just fine.

      Why on earth would you be using a 32bit browser?

      6 8 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Who still uses extensions in Chrome anyway?

        I'm guessing because he still runs a 32bit OS. You can tell the forward-looking types...

        13 2 Reply
      2. Lon24
        Reply Icon

        Re: Who still uses extensions in Chrome anyway?

        Possibly because you are still using 32 bit processors? Not much has equalled the old netbooks for stuffing into a small bag and being the best value for money being, mostly, in my case 10 year old fully depreciated Atoms. My major gripe is Linux Mint will drop support for its last 32 bit release in 2023. Guess that will make them landfill.

        OK it's Chromium rather than Chrome but it supports the same extensions.

        12 0 Reply
        1. Anonymous Coward
          Reply Icon
          Thumb Up

          Re: Who still uses extensions in Chrome anyway?

          I agree about the netbooks. My eeePC was on Mint 19.3 until recently but I decided to move to something a little less resource-hungry . It now happily runs MX Linux 19.3. It is a bit different to Mint, but it runs better and I'm quite happy with it (and they have no current plans to drop 32bit support).

          6 0 Reply
          1. pc-fluesterer.info
            Reply Icon
            IT Angle

            MX Linux is based on debian too

            here applies the same as for LMDE (see other post): They rely on debian supplying 32-bit still, which in turn relies on the kernel development of course. Bit if sometime in the future Linux will drop 32-bit support you can still move to xBSD. :-)

            2 0 Reply
        2. Henry Wertz 1 Gold badge
          Reply Icon

          Re: Who still uses extensions in Chrome anyway?

          Gotta admit I'm not too chuffed about all this -- I've been used to the limit on what I can run under Linux being simply resource contraints (i.e. due to slow CPU meaning some video encode would take a week, or low RAM meaning something would grind to a halt due to swapping), not due to "we're not building for your CPU any more."

          But, I did read (with Ubuntu) that with 18.04, 10% were running 32-bit, and 10% of that 10% (i.e. 1%) actually needed 32-bit.. (the other 9% were running 32-bit Ubuntu on 64-bit systems, since the page then said something like "if you're not sure, get this version"... and possibly thinking the 32-bit version was more app-compatible, since the earlier 64-bit Windows versions did have a few compatibility problems with old apps. I think 16-bit and DOS apps.. I don't think later Windows versions fixed the compatibility, it's just people didn't use apps that old any more.)

          2 0 Reply
          1. druck Silver badge
            Reply Icon

            Re: Who still uses extensions in Chrome anyway?

            For the other 9% that can run 64-bit they should offer an migration path. I managed to upgrade a 32-bit OpenSUSE VM to 64-bit relatively painlessly by following a page of instructions, so it can be done, and it could be automated fairly easily.

            1 0 Reply
        3. Robert Helpmann??
          Reply Icon
          Stop

          Re: Who still uses extensions in Chrome anyway?

          Guess that will make them landfill.

          Shirley, you meant e-waste and not landfill. Please recycle responsibly!

          5 0 Reply
          1. jelabarre59
            Reply Icon

            Re: Who still uses extensions in Chrome anyway?

            That simply means it becomes landfill in some 3rd-world country rather than ours.

            6 0 Reply
        4. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Who still uses extensions in Chrome anyway?

          Strange how you think your old netbook will suddenly stop working when Mint drops support for it..

          Does Mint come with a kill-switch? Whatever, there are plenty of other operating systems that will continue to support i386. https://itsfoss.com/32-bit-os-list/

          6 0 Reply
        5. pc-fluesterer.info
          Reply Icon
          Megaphone

          go for LMDE

          LMDE still is available 32-bit.

          Alas it comes with cinnamon which is a resource hog - not particularly apt for weak HW. :-)

          But fear not, you can easily install a slim DE such as MATE or XFCE.

          BTDT.

          LMDE will remain available 32-bit as long as debian will.

          1 0 Reply
        6. jelabarre59
          Reply Icon

          Re: Who still uses extensions in Chrome anyway?

          The biggest problem with Chromium over Google Chrome has been that the Offline GoogleDocs extension only works under actual GChrome, and there is no intention in either camp to fix it. (I'm mainly using GDocs for some of my fanfiction/original fiction).

          0 0 Reply
        7. jelabarre59
          Reply Icon

          Re: Who still uses extensions in Chrome anyway?

          I also had been using an old Acer AspierOne 32bit machine for the small/portable device (biggest problem being the GCocs offline extension not working there). Although a crazy/weird idea has been to replace the mainboard in it with a rPi4.

          0 0 Reply
      3. fobobob
        Reply Icon

        Re: Who still uses extensions in Chrome anyway?

        Keeps runaway tabs from ever being able to consume more than 2GB of RAM within a single process. I can't really think of any other fringe benefits.

        0 0 Reply
    2. Sparkus
      Reply Icon

      Re: Who still uses extensions in Chrome anyway?

      Vivaldi still available in 32 bit

      1 0 Reply
    3. The Dogs Meevonks Silver badge
      Reply Icon

      Re: Who still uses extensions in Chrome anyway?

      "Who still uses chome anyway?"

      There, fixed that for ya.

      5 0 Reply
      1. Twilight
        Reply Icon

        Re: Who still uses extensions in Chrome anyway?

        Based on the stats, a TON of people still use Chrome. I use Chrome because, while it is a resource hog, Firefox is worse. About a year ago, I heard how much better Firefox had gotten about resource management and process isolation so I gave it another shot - it may be better but it is (still) a horrible resource hog.

        1 4 Reply
  3. sitta_europea Silver badge

    Is this why, when I went to the DHL Website, my browser suddenly started using 100% CPU?

    Of course I shut it down.

    4 0 Reply
  4. Twilight

    I really hope Great Suspender doesn't go malware. I use it and it is the only thing keeping Chrome's resource hogging in check (I tend to use LOTS of tabs).

    Does anyone know of a fork of Great Suspender or an alternative (for Chrome/Edge)?

    2 0 Reply
    1. pc-fluesterer.info
      Reply Icon
      Megaphone

      alternatives

      not a fork, but alternatives. Brought to you by the chocolate factory: https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg?hl=en ((scroll down to "related"))

      1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like