The Stylish extension used by many Mozilla Firefox and Google Chrome users has been removed from their plugin repositories due to security concerns. A dangerous privacy leak has been exposed by a blogger which reported that the plugin reports private user data to the company behind it.
Firefox and Google Chrome Repositories Remove Stylish Extension Citing Security Concerns
Stylish is one of the most popular extensions available for the most web browsers. It allows users to customize the look and feel of popular web services and sites. This is done by installing themes that can be freely downloaded from the Internet.
The exact reason why the extension was taken down by the web browser developers is asTO report by a specialist stating that the extension has been bundled with a spyware instance. This means that all users that have been using it since January 2017 have their private data harvested.
The Stylish extension has been acquired by SimilarWeb and according to the report they create and maintain profiles of the individual’s website interactions in a database. All users that have created accounts on the themes site will be linked to specific tracking cookies. All installed versions of it also created unique user identifiers, whether or not they have an active account. What this behavior means is that SimilarWeb will have a full copy of all web browser contents that can be tied to user accounts email address. This allows the extension operators to access the following data:
- Browser History
- Browser Bookmarks
- Browser Cookies
- Browser Settings
While the expert explicitly states that the browser histories are hijacked, the same code can be used to obtain copies of all other contained within data such as the above mentioned cookies, settings and even password credentials.
The fact that the Stylish extension has access to the history means that the operators can also retrieve authentication tokens. They are used in many sites to login the users. If the information is forwarded in real-time then it is very possible that using this token can allow the SimilarWeb and Stylish operators access to their accounts.
Another major security risk is the harvesting of secret long URLs that are used by some Internet services to show pages with expiration date. The expert reported that by using such a link they can gain access to private medical files hosted on servers that use this (in)secure authentication mechanism.
The user tracking behavior is turned on by default however disabling it may not stop all tracking behavior.
The Mozilla Firefox Bugzilla (bug tracking software) entry reads that the following message:
We decided to block because of violation of data practices outlined in the review policy.
Mozilla Firefox notification message
This has caused Mozilla Firefox users that already have the plugin installed to receive a notification message. It reads that that it causes problems with the security and stability of the browsers and recommends that users switch it off.
Accessing it from the Google Chrome repository link shows a 404 Error showing that it has been removed. The full report is available here.
Google Chrome Web Store notification
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: