Chrome and Firefox Browser Extensions Steals Browsing Web Histories From Over 4M Users

Chrome and Firefox Browser Extensions Steals Browsing Web Histories From Over 4M Users

DataSpii a new privacy issue which puts millions of people browsing histories under risk. The term was coined and researched by security researcher Sam Jadali, he discovered eight such browser extensions that harvested over 4 million Firefox and Chrome users data.


The browser extensions collect sensitive data in real-time, that includes personally identifiable information (PII) and corporate information (CI). The data primarily impact Firefox and Chrome users because of eight invasive extensions.

These extensions collect the URLs, webpage titles, LAN IPs, hostnames, web server technology data and even embedded hyperlink in the web pages. Dan Goodin at Ars Technica reported that these collected data are published to fee-based service called Nacho Analytics.


Links Published into Nacho Analytics


The investigation started after Jadali found a set of links published into Nacho analytics that associated with one of his client domains and the links appeared to private conversations.


Jadali suspected that these links will be collected by some browser extensions, he analyzed more than 200 extensions including Hover Zoom, but none of the extension sends data to Nacho analytics.

Later he compared the Nacho Analytics timestamp with his server logs that monitor client domains, which indicates that two of three users having Hover Zoom extension added ..