New issue
Advanced search Search tips

Issue 751718 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security



Sign in to add a comment

Extension hacked = full machine access?

Reported by geo...@svetoslavov.com, Aug 2 2017 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3174.0 Safari/537.36

Steps to reproduce the problem:
1. Install web developer extension and activate it
2. Open whatever website.
3. Intrusive ads are displayed

What is the expected behavior?

What went wrong?
An external JS code has been "executed", intrusive ads has been displayed to any page and from some of the lines of the code executed could think that some remote access could be granted.

This is the file which was called in case can not open the attachment: https://y.partnerwork.men/code/code/mss_3.js
Look for "Not super-user" to see the type of methods which this code could execute.

FYI: The web developer extension has been removed or currently unavailable at google play store.

Did this work before? N/A 

Chrome version: 62.0.3174.0  Channel: canary
OS Version: OS X 10.12.6
Flash Version: 

Any written feedback will be highly appreciated!
mss_3.js
402 KB View Download

Comment 1 by elawrence@chromium.org, Aug 2 2017

Status: WontFix (was: Unconfirmed)
No, extensions do not have "full machine access", although it is possible to grant an extension powerful capabilities that would be dangerous to privacy or security if abused. In most cases, as you note, malicious extensions are used to spam web pages with advertisements or redirect searches.

The JavaScript file attached to this bug was generated by an LLVM-to-JavaScript Compiler (e.g. emscripten) and the variable names you cite are an artifact of that process.

Comment 2 by geo...@svetoslavov.com, Aug 2 2017 

I've tried couple of combinations and this is what happened:
- If "web developer" extension is enabled, ads are being shown at random position in any open browser tab or new tabs are being opened (again randomly)
- If the chrome inspector is in use, JS error and info logs are generated within the console: installed time, execution time, etc and ends with some m_mining error (something related with the site of the url "Cryptonote Mining Pool "y.partnerwork.men)
- If the extension is disabled, everything works correctly.


In this case, nothing to worry about as you commented?
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 9 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment