Users of Chrome and Firefox have been warned to check their browser extensions after a number of popular tools were found to be collecting and selling user data without permission.

Six extensions have been found to be hoovering up user information, an investigation by the Washington Post found, with data sent to a centralised platform.

Among the most popular tools were Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock and PanelMeasurement - all of which were avilable on Chrome, with two on offer to Firefox users. Overall, the extensions had been installed over four million times worldwide.

Data gathering

Dubbed DataSpii by security researcher Sam Jadali, the platform collated data collected by the apps and extensions over aperiod of time. Some extensions began gathering data immediately, but some waited several weeks to begin, with the average being 24 days.

This delay often meant users were not initially able to spot that anything was amiss, with Google and Mozilla researchers also apparently unaware anything was wrong. After this time, the extensions would download a JavaScript payload from Internet servers that included the data collecting code, but used clever methods to disguise what they were doing.

Jadali noted that these servers were linked back to analytics firm Nacho Analytics, which also had information on internal link data of major corporations such as Apple and Tesla.

All the extensions have now been remvoed from the Chrome and Firefox web stores, but users should still check to ensure their browsers are not at risk.

Via Washington Post