
Chrome Is Watching You: Some Extensions Contain Backdoors

四海吧

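I saw on Twitter that as many as 111 extensions in the Chrome Web Store were secretly collecting sensitive user data. Together they had been downloaded 32.96 million times, and Google has now removed them from the store. These malicious extensions were found to collect screenshots, the contents of the device clipboard, the browser cookies for sites the user is logged in to, and keystrokes such as passwords. The vast majority of the extensions are modular and, once installed, can be updated with executable files.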

You can follow the steps below to check whether you have been affected.

1. In Chrome, enter chrome://extensions/ to open the Extensions page.

2. On that page, press F12, paste the following code into the Console and press Enter. ✅ means no risk; ❌ marks a risky item.

// https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt

malicious = [
"acmnokigkgihogfbeooklgemindnbine",
"apgohnlmnmkblgfplgnlmkjcpocgfomp",
"apjnadhmhgdobcdanndaphcpmnjbnfng",
"bahkljhhdeciiaodlkppoonappfnheoi",
"bannaglhmenocdjcmlkhkcciioaepfpj",
"bgffinjklipdhacmidehoncomokcmjmh",
"bifdhahddjbdbjmiekcnmeiffabcfjgh",
"bjpknhldlbknoidifkjnnkpginjgkgnm",
"blngdeeenccpfjbkolalandfmiinhkak",
"ccdfhjebekpopcelcfkpgagbehppkadi",
"cceejgojinihpakmciijfdgafhpchigo",
"cebjhmljaodmgmcaecenghhikkjdfabo",
"chbpnonhcgdbcpicacolalkgjlcjkbbd",
"cifafogcmckphmnbeipgkpfbjphmajbc",
"clopbiaijcfolfmjebjinippgmdkkppj",
"cpgoblgcfemdmaolmfhpoifikehgbjbf",
"dcmjopnlojhkngkmagminjbiahokmfig",
"deiiiklocnibjflinkfmefpofgcfhdga",
"dipecofobdcjnpffbkmfkdbfmjfjfgmn",
"dopkmmcoegcjggfanajnindneifffpck",
"dopmojabcdlfbnppmjeaajclohofnbol",
"edcepmkpdojmciieeijebkodahjfliif",
"ekbecnhekcpbfgdchfjcfmnocdfpcanj",
"elflophcopcglipligoibfejllmndhmp",
"eogfeijdemimhpfhlpjoifeckijeejkc",
"fcobokliblbalmjmahdebcdalglnieii",
"fgafnjobnempajahhgebbbpkpegcdlbf",
"fgcomdacecoimaejookmlcfogngmfmli",
"fgmeppijnhhafacemgoocgelcflipnfd",
"fhanjgcjamaagccdkanegeefdpdkeban",
"flfkimeelfnpapcgmobfgfifhackkend",
"fmahbaepkpdimfcjpopjklankbbhdobk",
"foebfmkeamadbhjcdglihfijdaohomlm",
"fpngnlpmkfkhodklbljnncdcmkiopide",
"gdifegeihkihjbkkgdijkcpkjekoicbl",
"gfcmbgjehfhemioddkpcipehdfnjmief",
"gfdefkjpjdbiiclhimebabkmclmiiegk",
"ggijmaajgdkdijomfipnpdfijcnodpip",
"ghgjhnkjohlnmngbniijbkidigifekaa",
"gllihgnfnbpdmnppfjdlkciijkddfohn",
"gmmohhcojdhgbjjahhpkfhbapgcfgfne",
"gofhadkfcffpjdbonbladicjdbkpickk",
"hapicipmkalhnklammmfdblkngahelln",
"hijipblimhboccjcnnjnjelcdmceeafa",
"hmamdkecijcegebmhndhcihjjkndbjgk",
"hodfejbmfdhcgolcglcojkpfdjjdepji",
"hpfijbjnmddglpmogpaeofdbehkpball",
"ianfonfnhjeidghdegbkbbjgliiciiic",
"ibfjiddieiljjjccjemgnoopkpmpniej",
"inhdgbalcopmbpjfincjponejamhaeop",
"iondldgmpaoekbgabgconiajpbkebkin",
"ipagcbjbgailmjeaojmpiddflpbgjngl",
"jagbooldjnemiedoagckjomjegkopfno",
"jdheollkkpfglhohnpgkonecdealeebn",
"jfefcmidfkpncdkjkkghhmjkafanhiam",
"jfgkpeobcmjlocjpfgocelimhppdmigj",
"jghiljaagglmcdeopnjkfhcikjnddhhc",
"jgjakaebbliafihodjhpkpankimhckdf",
"jiiinmeiedloeiabcgkdcbbpfelmbaff",
"jkdngiblfdmfjhiahibnnhcjncehcgab",
"jkofpdjclecgjcfomkaajhhmmhnninia",
"kbdbmddhlgckaggdapibpihadohhelao",
"keceijnpfmmlnebgnkhojinbkopolaom",
"khhemdcdllgomlbleegjdpbeflgbomcj",
"kjdcopljcgiekkmjhinmcpioncofoclg",
"kjgaljeofmfgjfipajjeeflbknekghma",
"labpefoeghdmpbfijhnnejdmnjccgplc",
"lameokaalbmnhgapanlloeichlbjloak",
"lbeekfefglldjjenkaekhnogoplpmfin",
"lbhddhdfbcdcfbbbmimncbakkjobaedh",
"ldoiiiffclpggehajofeffljablcodif",
"lhjdepbplpkgmghgiphdjpnagpmhijbg",
"ljddilebjpmmomoppeemckhpilhmoaok",
"ljnfpiodfojmjfbiechgkbkhikfbknjc",
"lnedcnepmplnjmfdiclhbfhneconamoj",
"lnlkgfpceclfhomgocnnenmadlhanghf",
"loigeafmbglngofpkkddgobapkkcaena",
"lpajppfbbiafpmbeompbinpigbemekcg",
"majekhlfhmeeplofdolkddbecmgjgplm",
"mapafdeimlgplbahigmhneiibemhgcnc",
"mcfeaailfhmpdphgnheboncfiikfkenn",
"mgkjakldpclhkfadefnoncnjkiaffpkp",
"mhinpnedhapjlbgnhcifjdkklbeefbpa",
"mihiainclhehjnklijgpokdpldjmjdap",
"mmkakbkmcnchdopphcbphjioggaanmim",
"mopkkgobjofbkkgemcidkndbglkcfhjj",
"mpifmhgignilkmeckejgamolchmgfdom",
"nabmpeienmkmicpjckkgihobgleppbkc",
"nahhmpbckpgdidfnmfkfgiflpjijilce",
"ncepfbpjhkahgdemgmjmcgbgnfdinnhk",
"npaklgbiblcbpokaiddpmmbknncnbljb",
"npdfkclmbnoklkdebjfodpendkepbjek",
"nplenkhhmalidgamfdejkblbaihndkcm",
"oalfdomffplbcimjikgaklfamodahpmi",
"odnakbaioopckimfnkllgijmkikhfhhf",
"oklejhdbgggnfaggiidiaokelehcfjdp",
"omgeapkgiddakeoklcapboapbamdgmhp",
"oonbcpdabjcggcklopgbdagbfnkhbgbe",
"opahibnipmkjincplepgjiiinbfmppmh",
"pamchlfnkebmjbfbknoclehcpfclbhpl",
"pcfapghfanllmbdfiipeiihpkojekckk",
"pchfjdkempbhcjdifpfphmgdmnmadgce",
"pdpcpceofkopegffcdnffeenbfdldock",
"pgahbiaijngfmbbijfgmchcnkipajgha",
"pidohlmjfgjbafgfleommlolmbjdcpal",
"pilplloabdedfmialnfchjomjmpjcoej",
"pklmnoldkkoholegljdkibjjhmegpjep",
"pknkncdfjlncijifekldbjmeaiakdbof",
"plmgefkiicjfchonlmnbabfebpnpckkk",
"pnciakodcdnehobpfcjcnnlcpmjlpkac",
"ponodoigcmkglddlljanchegmkgkhmgb",
];

// Walk the shadow DOM of chrome://extensions/ and flag each installed
// extension whose ID appears in the list above.
document
  .querySelector("extensions-manager")
  .shadowRoot.querySelector("cr-view-manager extensions-item-list")
  .shadowRoot.querySelectorAll("extensions-item")
  .forEach((item) => {
    const name = item.shadowRoot.querySelector("#name").innerText;
    if (malicious.includes(item.id)) {
      console.log("❌", item.id, name);
    } else {
      console.log("✅", item.id, name);
    }
  });

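3. Remove any extension that is flagged as risky.

I checked the extensions I have installed and found no problems. Quite a few people online have reported being affected, and so far there is no really good solution.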

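I also checked the extensions shared in my earlier post "Chrome浏览器扩展科学上网解决方案" (Chrome browser extension solutions for circumventing network restrictions) and found no problems.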

On Linux, you can use the following commands to check whether you have been affected:

cd /home/$USER/.config/chromium/Default/Extensions
ls -a > list.txt
wget awakesecurity.com/wp-content/upl…
comm -12 <( sort list.txt ) <( sort GalComm-Malicious-Chrome-Extensions-Appendix-B.txt )
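
The same check as a reusable script, added here as an example and not part of the original post: it goes beyond the commands above by covering every profile directory under a browser's config root rather than only Default, and it refuses to report a clean result when the blocklist cannot be read. It assumes a blocklist file with one extension ID per line; the function names, exit codes and demo IDs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: report blocklisted extension IDs
# found in any profile under the given Chrome/Chromium config roots.

# Print "id<TAB>profile-dir" for each entry in <root>/<profile>/Extensions/.
installed_ids() (
  for dir in "$1"/*/Extensions/*/; do
    [ -d "$dir" ] || continue            # an unmatched glob stays literal
    dir=${dir%/}
    printf '%s\t%s\n' "${dir##*/}" "${dir%/Extensions/*}"
  done
)

# find_flagged BLOCKLIST ROOT...
# Exit status: 0 = nothing flagged, 1 = flagged IDs printed, 2 = list unreadable.
find_flagged() (
  blocklist=$1; shift
  [ -r "$blocklist" ] || { echo "cannot read $blocklist" >&2; exit 2; }
  for root in "$@"; do installed_ids "$root"; done |
  awk -F'\t' -v list="$blocklist" '
    # Extension IDs are 32 characters from a-p; this drops comments, blank
    # lines and directory entries that are not extension IDs.
    function is_id(s) { return length(s) == 32 && s ~ /^[a-p]+$/ }
    BEGIN {
      while ((getline line < list) > 0) {
        gsub(/[ \t\r]/, "", line)         # tolerate CRLF and stray spaces
        if (is_id(line)) bad[line] = 1
      }
    }
    is_id($1) && ($1 in bad) { print; hit = 1 }
    END { exit hit + 0 }'
)

# Constructed demo data: made-up IDs in a throwaway profile tree.
demo_scan() (
  t=$(mktemp -d) && trap 'rm -rf "$t"' EXIT
  bad=abcdefghijklmnopabcdefghijklmnop ok=ponmlkjihgfedcbaponmlkjihgfedcba
  mkdir -p "$t/chromium/Default/Extensions/$ok/1.0_0" \
           "$t/chromium/Default/Extensions/Temp" \
           "$t/chromium/Profile 1/Extensions/$bad/2.1_0"
  printf '# constructed list\r\n%s\r\n' "$bad" > "$t/list.txt"
  find_flagged "$t/list.txt" "$t/chromium"
)

# With arguments scan real profiles, e.g.
#   sh scan.sh blocklist.txt ~/.config/google-chrome ~/.config/chromium
if [ "$#" -ge 2 ]; then find_flagged "$@"; else demo_scan || :; fi
```

Run without arguments it scans only the constructed demo tree; the non-zero exit status on a match lets it be used from a scheduled job or a fleet check.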

If you really have been affected, I suggest you stop using your installed Chrome for now and switch to Microsoft Edge for a while.

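To be honest, the data-privacy solutions on the market today are all too complicated and the barrier to using them is high, so people simply stop caring about the whole area. The world's largest DNA database, the largest facial database, the largest digital household registration system... and there are many more.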

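Walking down the street and seeing the surveillance equipment named SkyNet (天网) hanging overhead, besides the line "snowflakes drifting, the north wind howling", the only other words that fit are Li Qingzhao's "searching and seeking, cold and cheerless, dreary, dismal and forlorn".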