installed a potentially harmful extension was chrome affected?



  • since vivaldi and chrome are both chrome browsers does that mean extensions installed on one can access the other?

    i installed a potentially bad extension

    you can find it by searching youtube download then choosing youtube downloader, the reviews claim it's malware.

    it forced me to download another extension

    both extensions uses the permission view and change anything on the page, so i potentially had my login cookies taken by these addons, so i had to change passwords on some services, i don't allow many cookies and most cookies are asutodeleted, i assume i am safe on google overall as i managed to log out on all sessions which made other browsers log out too, but i am considering changing my google password too should i?, anyway vivaldi does not save passwords none what so ever as i've set it to never, chrome does though, so was the bad extension able to access files on chrome if it was installed on vivaldi? or would it only be isolated to vivaldi.

    and is it possible for an extension to steal cookies and is there no other way than to change password to kill all session cookies? if these people decide to use my cookies and login to my sites will i then see that it's an unknown ip trying to log in or will it bypass all that? will it bypass two step verification?

    note all websites i am logged in to are always used in https, the extension was active on youtube only and for a few min until i removed it, so no typed in text was captured, the only potential compromise is login cookies that were stored on vivaldi.



  • While Chrome and Vivaldi are both Chromium-based browsers, they are not the same browser, meaning that a bad Chrome extension should not affect Vivaldi (and the other way around), as far as I'm aware.
    With that said, if you believe that possibly-bad-extension might have captured some sensitive information, play it safe and change passwords where they could have been compromised (in this case, your google account).

    One extra thing: Unless something has changed, Chrome extensions are not really verified by Google - be careful when installing them.



  • @merryweather all i believe is that it could have captured a few login cookies for

    facebook,twitter,google outlook doesn't seem to be affected even though i have set it to keep that cookie but it never works i always have to login regardless

    i have so far changed password on outlook and twitter, that leaves facebook and google, will facebook notify me if someone tries to use a cookie same with gmail? as it would be done on a different ip adress, and you're probably right play it safe i would have rather be told that i should be safe on google don't care as much with facebook.

    Yоutubе Video Downloader is what the extension is called it forces you to download a extension called search, the author website leads nowhere and that extension only has like 1000 users.

    you'd think a top result would be safe



  • @zzcool: Well, if someone tries to access it from a different IP, you might be warned or notice it, there's that. However, when in doubt...might as well take the safe route. At least that's what I would do, my paranoia would compel me.

    The thing with malicious extensions/software/etc, is that they're often designed so that they're easy to find...that would explain why it shows up immediately. The fact that chrome extensions aren't verified only makes it worse.



  • @merryweather yeah i've changed google,twitter,microsoft password that leaves facebook not sure if i'd bother but i probably will, i wish chrome asked for permissions during launch just like android does.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.