Beware! Malicious EditThisCookie Chrome Extension Steals Login Credentials



The world of browser extensions is convenient but perilous. A recent discovery of a malicious copycat of the popular “EditThisCookie” Chrome extension serves as a cautionary tale for users everywhere.

The Rise of a Dangerous Fake Extension

The original EditThisCookie extension was a widely trusted tool, boasting over 3 million users and 11,000 ratings. However, its removal from the Chrome Web Store—possibly due to incompatibility with Google’s Manifest V3 framework—left a security vacuum. Cybercriminals quickly filled this void with a fake version named “EditThisCookie?.”

Initially introduced as “EditThisCookies” and later rebranded, the fraudulent extension remains available on the Chrome Web Store and has already amassed over 50,000 users.

Cybersecurity expert Eric Parker uncovered the malicious nature of this extension in a detailed analysis. Here’s what he found:

  • A fake website linked to the extension, misleading users.
  • Obfuscated code designed to steal sensitive data, especially from Facebook accounts.
  • Phishing mechanisms targeting user credentials.
  • Embedded advertising scripts to generate illicit revenue.

While no cookie exfiltration was detected in the current version, Parker warned that automatic Chrome updates could enable attackers to roll out more harmful features without user consent.


Understanding Manifest V3’s Role

Manifest V3, Google’s new extension framework, is promoted as a more secure alternative to its predecessor. However, its rollout has been controversial.

  • Legitimate extensions like uBlock Origin and EditThisCookie struggled to adapt to the new requirements.
  • Meanwhile, malicious actors exploited gaps by creating Manifest V3-compliant yet harmful alternatives.

This incident highlights a core issue: while Manifest V3 enhances certain security aspects, it inadvertently creates opportunities for cybercriminals by displacing trusted tools.


How to Protect Yourself

To safeguard your browser and personal information, take these proactive steps:

  1. Audit Installed Extensions:
  2. Stay Informed:
  3. Enable Enhanced Safe Browsing:
  4. Explore Alternatives:
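One way to carry out the first step, auditing installed extensions, shown as an added example that is not part of the original article: it reads every manifest under a Chrome profile's Extensions directory, resolves localized names, and flags names resembling the two the article mentions, together with the cookies permission and all-site host access. The function names, the name pattern and the sample manifests are constructed for illustration; a name match also covers the original EditThisCookie, so it means the publisher should be checked, not that the extension is confirmed malicious.

```python
import json
import re
from pathlib import Path

# Names the article gives for the fake listing; a hit means "verify the publisher".
LOOKALIKE = re.compile(r"edit\s*this\s*cookies?", re.I)
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def display_name(ext_dir, manifest):
    """Resolve a localized __MSG_key__ name via _locales/<default_locale>."""
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if not m:
        return name
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unreadable
    by_key = {k.lower(): v for k, v in messages.items()}  # keys are case-insensitive
    return by_key.get(m.group(1).lower(), {}).get("message", name)

def audit(extensions_root):
    """One record per <id>/<version>/manifest.json under a profile's Extensions dir."""
    records = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            man = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        perms = {p for p in man.get("permissions", []) if isinstance(p, str)}
        hosts = perms | set(man.get("host_permissions", []))
        for script in man.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        name = display_name(path.parent, man)
        records.append({"id": path.parent.parent.name, "name": name,
                        "lookalike": bool(LOOKALIKE.search(name)),
                        "cookies": "cookies" in perms, "broad_hosts": bool(hosts & BROAD)})
    return records

def build_sample(root):
    """Write two constructed manifests (made-up IDs, not the real extension's files)."""
    fake, plain = Path(root, "a" * 32, "3.0_0"), Path(root, "b" * 32, "1.2_0")
    (fake / "_locales/en").mkdir(parents=True)
    plain.mkdir(parents=True)
    (fake / "_locales/en/messages.json").write_text('{"extName": {"message": "EditThisCookie?"}}')
    (fake / "manifest.json").write_text(json.dumps({
        "name": "__MSG_extName__", "default_locale": "en",
        "permissions": ["cookies"], "host_permissions": ["<all_urls>"]}))
    (plain / "manifest.json").write_text(json.dumps({"name": "Notes", "permissions": ["storage"]}))
```

To run it against a real profile, pass the profile's Extensions directory to `audit()`; on Linux the default profile keeps it at `~/.config/google-chrome/Default/Extensions`.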


What This Means for Google

The malicious EditThisCookie? extension underscores significant gaps in the Chrome Web Store’s vetting process. While Google has introduced features like Enhanced Safe Browsing and removal notifications, these measures fall short in combating sophisticated threats like fake extensions.

To restore trust and enhance user safety, Google must:

  • Strengthen Vetting Processes: Ensure thorough screening for all extensions.
  • Increase Transparency: Provide clear communication about the reasons for extension removals.
  • Bolster User Education: Equip users with the knowledge to identify potential threats.


Final Thoughts

This incident is a stark reminder of the risks associated with browser add-ons. Users must remain vigilant when installing extensions and regularly audit their browser settings for potential threats. At the same time, tech giants like Google must address systemic issues in their platforms to uphold user safety.

Let’s work together to create a safer digital environment. What’s your take on this issue? Share your thoughts and let’s discuss solutions for a more secure web.

#CyberSecurity #BrowserSafety #ChromeExtensions #ManifestV3 #Phishing


Vlas Bashynskyi

Chrome Extension Developer

3 weeks

Thank you for sharing! I usually access sensitive banking websites from a different chrome profile that does not have any extensions installed.

Inga Stirbyte

Information Security Officer| Head of Infosec and Appsec | Seasoned InfoSec Leader | 18+Years in IT Security| Privacy | Governance & Compliance| AI Risk & Management

1 month

Great reminder to review and update extensions regularly. Cybersecurity is crucial in today's digital world. DIGITALEARN SOLUTION
