A new extension that steals usernames and passwords circulating on the Internet.
In the coming days you may want to be extra critical when installing new extensions to the Google Chrome. Developer Andrew Grech has made namely: an extension with jQuery, which steals your username and password on a number of popular websites.The expansion will include testing with Facebook, Twitter and Gmail, where the password was sent to a predefined email address.
- By accessing the DOM, one can read from the forms, including username and password fields. This was the idea to further develop the concept, write Grech in his blog.
Difficult to detect
When a user fills out a form, the extension to retrieve the information in the username and password field and send it as an e-mail. Then the form will be sent as usual, so that the user will not be called.
Grech has also chosen to include a copy of the source code on their websites, and the ability to exploit the security hole is thus open to all. Implementation of seemingly useful extensions can thus lure more users.
Now it is known, Google will hopefully close the gap as soon as possible.
