[$] Malware in open-source web extensions

Post Syndicated from jake original https://lwn.net/Articles/846272/rss

On February 4, millions of browser tabs were suddenly terminated. Not
everyone was surprised; the dozen people who spent the last four months
waiting for this tragedy to occur watched in relief as the first in a rapid
stream of GitHub comments began pouring in. The Great Suspender, a Chrome
extension with around two million users that suspended inactive tabs, had
been forcibly uninstalled because it contained malware. This was a serious
problem for users, in part due to the difficulty of recovering the lost
tabs, but the extension’s malevolence had been painfully obvious to anyone
who cared to investigate it.