{"id":39032,"date":"2021-01-07T07:55:09","date_gmt":"2021-01-07T07:55:09","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/"},"modified":"2021-01-07T07:55:09","modified_gmt":"2021-01-07T07:55:09","slug":"what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/","title":{"rendered":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#8217;t document updates? Let&#8217;s find out"},"content":{"rendered":"<p><span data-label=\"analysis\">Analysis<\/span> Back in November, 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious. Around that time, Google was made aware of these concerns and looked into the situation.<\/p>\n<p><i>The Register<\/i> understands that the unidentified maintainer of the project subsequently resubmitted the extension without the suspicious behavior that had been <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1263\">cited<\/a> in a GitHub issues post. That version, 7.1.9, is presently available through the Chrome Web Store and is presumably safe enough that Google considers the matter closed.<\/p>\n<p>However, the concerns raised haven&#8217;t really been resolved because the software community hasn&#8217;t figured out how to transfer trust when a project like this widely used extension is transferred to a new owner.<\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/chrome.google.com\/webstore\/detail\/the-great-suspender\/klbibkeccnjlkjkiokjodocebajanakg?hl=en\">The Great Suspender<\/a> add-on, which claims over two million users (though Chrome Web Store stats are notoriously easy to manipulate), <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1175#issue-642243362\">was sold<\/a> by creator Dean Oemcke to an unidentified party in June, 2020. The terms of the deal have not been disclosed. The current GitHub account hosting the code, greatsuspender, offers no clue as to the owner&#8217;s identity and no means of contact, apart from a support email address listed on extensions Chrome Web Store page.<\/p>\n<p><i>The Register<\/i> tried to contact the current owner and former owner by email, and we&#8217;ve yet to receive a response. The extension claims it can &#8220;make your computer run smoothly by suspending the tabs you aren&#8217;t using.&#8221;<\/p>\n<p>Since the ownership transfer, there have been dozens of code changes <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/compare\/v7.1.6...master\">committed<\/a> to the add-on&#8217;s GitHub repository, and at least two new versions (7.1.8 and 7.1.9) have been released through the Chrome Web Store and distributed to users automatically, a behavior some consider to be <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=899396\">a bug<\/a>.<\/p>\n<p>But those releases aren&#8217;t listed in the project repo, where the latest official release <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/releases\/tag\/v7.1.6\">still looks to be 7.1.6<\/a>. It&#8217;s possible to see the individual git commits made since then, and piece together what may be inside 7.1.8 and 7.1.9, by doing some digging. Ordinarily, developers summarize the contents of new versions in public release notes on their repos, to help people understand what alterations to the code have been made.<\/p>\n<p>The issue with Great Suspender appears to have been the use of an open-source analytics package, Open Web Analytics (OWA), in conjunction with remote scripts and a CDN \u2013 the concern was that user information was being spirited away.<\/p>\n<p>As one user <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1263#issuecomment-731556141\">wrote<\/a>, &#8220;The extension was sold to an unknown party. This entity has &#8216;updated&#8217; the extension to v7.1.8 w\/o publishing changes to Github. It is calling remote scripts and using remote tracking analytics, sending user information somewhere w\/o user knowledge.&#8221;<\/p>\n<p>The current version, v7.1.9, doesn&#8217;t contain the script in question, possibly a consequence of v.7.1.8 being <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1263#issuecomment-735409569\">blocked by Microsoft Edge<\/a>.<\/p>\n<p>But this may be a matter that goes beyond the privacy abuse that has become commonplace on the web. Other internet users <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.reddit.com\/r\/chrome\/comments\/gg2nii\/auto_refresh_extension_now_malware\/fqd64jx\/\">claim<\/a> that portions of the extension code show similarities to other extensions associated with malware and cryptomining.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/05\/19\/google_photo_by_lightpoet_via_shutterstock.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Google, photo by lightpoet via Shutterstock \"><\/p>\n<h2 title=\"Web advertising giant says it has been working with filter makers, others to 'evolve the platform'\">Google Chrome&#8217;s crackdown on ad blockers and browser extensions, Manifest v3, is now available in beta<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2020\/12\/10\/googles_browser_extension_platform_rewrite\/\"><span>READ MORE<\/span><\/a><\/div>\n<p><i>The Register<\/i> asked Josh Manders, a developer working on a hosting platform called Primcloud, why he had expressed concern about the extension. He explained that while no one had identified specific malicious behavior, it&#8217;s just too suspicious that the new owner went silent and that the only change since then was to add new analytics tracking code in a way that&#8217;s not evident in the repo.<\/p>\n<p>Manders said during his research into the extension and associated internet domains, he found numerous links to other extensions that have been bought and replaced with malware. He said he suspects the owner intends to wait for the online controversy to die down and then subvert the code through further changes.<\/p>\n<p>This acquire-and-subvert threat model has been seen before in open source projects like <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/NanoAdblocker\/NanoCore\/issues\/362\">Nano Adblocker<\/a>.<\/p>\n<p>Developer Thibaud Colas came to a similar conclusion on Monday after analyzing the extension code and noting <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1263#issuecomment-754354645\">several inconsistencies<\/a>, like the inclusion of a hard-coded siteId in the removed OWA tracking script that belongs to a different extension.<\/p>\n<p>&#8220;The script currently served by those domains does look like an innocuous Open Web Analytics tracker script,&#8221; Colas said.<\/p>\n<p>&#8220;It could well be selectively serving the innocuous script, and on occasion switch over to a more malicious payload. Or it really could just be added tracking. Based on the association with those other extensions, I\u2019d expect TGS will eventually switch to have a similar business model \u2013 stay low-profile long enough so people here move on, then cash in on whoever is left unaware of the change of direction.&#8221;<\/p>\n<p>On Tuesday, he <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/greatsuspender\/thegreatsuspender\/issues\/1263#issuecomment-754953405\">revised<\/a> his assessment, noting that the now removed OWA script is &#8220;not Open Web Analytics, but another application trying to pass for it.&#8221; That&#8217;s generally not a good sign.<\/p>\n<p><i>The Register<\/i> asked Google whether it plans to implement any measures to help make it easier for people to understand who maintains Chrome extensions and to understand code changes that have been made. We&#8217;ve not heard back. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/01\/07\/great_suspender_malware\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oh yes, I&#8217;m the Great Suspender, pretending I&#8217;m doing well Analysis\u00a0 Back in November, 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious. Around that time, Google was made aware of these concerns and looked into the situation.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39033,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-39032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#039;t document updates? Let&#039;s find out 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#039;t document updates? Let&#039;s find out 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-07T07:55:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#8217;t document updates? Let&#8217;s find out\",\"datePublished\":\"2021-01-07T07:55:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/\"},\"wordCount\":864,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/\",\"name\":\"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg\",\"datePublished\":\"2021-01-07T07:55:09+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#8217;t document updates? Let&#8217;s find out\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/","og_locale":"en_US","og_type":"article","og_title":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-01-07T07:55:09+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#8217;t document updates? Let&#8217;s find out","datePublished":"2021-01-07T07:55:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/"},"wordCount":864,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/","url":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/","name":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg","datePublished":"2021-01-07T07:55:09+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-a-chrome-extension-with-2m-users-changes-hands-raises-red-flags-doesnt-document-updates-lets-find-out\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn&#8217;t document updates? Let&#8217;s find out"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39032"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39032\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39033"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}