President Bannon Chrome Extension is a security problem, not a joke

Credit to Author: Michael Horowitz | Date: Mon, 06 Feb 2017 20:05:00 -0800

Pretending that Steve Bannon is really the President was funny when Saturday Night Live did it on their opening bit. Then today, Business Insider wrote about a Google Chrome extension that replaces every mention of “Trump” with “Steve Bannon” on all web pages. Funny? Not from a Defensive Computing perspective.

Any extension that can change a specific word on every web page is inherently dangerous. Almost by definition, such an extension is spyware.

Installing the President Bannon extension to the Chrome browser

Sure enough, when you install the President Bannon extension (above) it needs permission to “read and change all your data on the websites you visit.” This is exactly what I wrote about last time (see Spyware on a Chromebook).

I am not claiming that the President Bannon extension is malicious. I have not looked at the source code or sniffed any traffic it may be sending. It’s dangerous nonetheless.

First off, no software should have this much power. And, even if it’s merely a joke today, since Chrome extensions are automatically and silently updated, nothing stops it from becoming spyware tomorrow.
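One way to check whether an extension asks for this level of access is to read its manifest.json. This is an added example, not code from the original article or from the extension. Both sample manifests are constructed for illustration, and the function name is hypothetical.

```python
import json

# Match patterns that cover every site. Chrome shows the "read and change all
# your data on the websites you visit" prompt for these.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_host_access(manifest_text):
    """Return sorted (field, pattern) pairs that grant access to all sites."""
    manifest = json.loads(manifest_text)
    found = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for field in ("permissions", "optional_permissions",
                  "host_permissions", "optional_host_permissions"):
        for entry in manifest.get(field, []):
            if isinstance(entry, str) and entry in BROAD_PATTERNS:
                found.add((field, entry))
    # A content script is injected into every page its "matches" list covers.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_PATTERNS:
                found.add(("content_scripts.matches", pattern))
    return sorted(found)


# Constructed sample: a word-replacement extension (not the real extension's manifest).
WORD_SWAP_MANIFEST = """{
  "manifest_version": 2,
  "name": "Example word swapper",
  "version": "1.0",
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["swap.js"]}]
}"""

# Constructed sample: an extension scoped to a single site.
SCOPED_MANIFEST = """{
  "manifest_version": 2,
  "name": "Example single-site helper",
  "version": "1.0",
  "permissions": ["storage", "https://example.com/*"],
  "content_scripts": [{"matches": ["https://example.com/*"], "js": ["helper.js"]}]
}"""

if __name__ == "__main__":
    for label, text in (("word swapper", WORD_SWAP_MANIFEST), ("scoped", SCOPED_MANIFEST)):
        hits = broad_host_access(text)
        print(label, "-> ALL SITES" if hits else "-> limited", hits)
```

An extension that already holds one of these patterns can change what its script does on every page without requesting anything further.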

You might as well have someone from American Bridge (“A major Democratic-aligned super PAC” according to Business Insider) standing over your shoulder watching everything you do in the Chrome browser.

The President Bannon Chrome browser extension

It doesn’t help that the website of the software developer says nothing at all about the extension and appears to have been abandoned. 

Or, that the description of the extension, shown below, says nothing about what it actually does.

Exposing Steve Bannon’s role in some of the most dangerous and unconstitutional actions taken by Trump’s Administration. A white supremacist is calling the shots in Donald Trump’s White House. This extension exposes Steve Bannon’s role in some of the most dangerous and unconstitutional actions taken by Trump’s Administration.

Business Insider should stick to business and leave computers to us nerds. 
