• Chrome风险插件自检


    Chrome Web Store 中有多达 111 个扩展秘密收集用户敏感数据,而它们被总计下载了 3296 万次,Google 官方已经将其下架。

    这些恶意扩展被发现会收集屏幕截图、设备剪贴板内容,用户登陆网站的浏览器 Cookies,密码等按键。

    绝大部分扩展都是模块化的,安装之后可以用可执行文件进行更新。

    按照如下步骤操作看看自己有没有中招。

    1.在 Chrome 中输入 chrome://extensions/ 打开扩展程序页面

    2.在该页面按下F12,在Console 控制台中运行以下代码,回车,✅为无风险,❌为风险项

    // https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt

    上面的网址实时更新有问题的插件,复制后按格式写入malicious中

    ----------以下是真正的执行代码-----------------

    malicious = [
    "acmnokigkgihogfbeooklgemindnbine",
    "apgohnlmnmkblgfplgnlmkjcpocgfomp",
    "apjnadhmhgdobcdanndaphcpmnjbnfng",
    "bahkljhhdeciiaodlkppoonappfnheoi",
    "bannaglhmenocdjcmlkhkcciioaepfpj",
    "bgffinjklipdhacmidehoncomokcmjmh",
    "bifdhahddjbdbjmiekcnmeiffabcfjgh",
    "bjpknhldlbknoidifkjnnkpginjgkgnm",
    "blngdeeenccpfjbkolalandfmiinhkak",
    "ccdfhjebekpopcelcfkpgagbehppkadi",
    "cceejgojinihpakmciijfdgafhpchigo",
    "cebjhmljaodmgmcaecenghhikkjdfabo",
    "chbpnonhcgdbcpicacolalkgjlcjkbbd",
    "cifafogcmckphmnbeipgkpfbjphmajbc",
    "clopbiaijcfolfmjebjinippgmdkkppj",
    "cpgoblgcfemdmaolmfhpoifikehgbjbf",
    "dcmjopnlojhkngkmagminjbiahokmfig",
    "deiiiklocnibjflinkfmefpofgcfhdga",
    "dipecofobdcjnpffbkmfkdbfmjfjfgmn",
    "dopkmmcoegcjggfanajnindneifffpck",
    "dopmojabcdlfbnppmjeaajclohofnbol",
    "edcepmkpdojmciieeijebkodahjfliif",
    "ekbecnhekcpbfgdchfjcfmnocdfpcanj",
    "elflophcopcglipligoibfejllmndhmp",
    "eogfeijdemimhpfhlpjoifeckijeejkc",
    "fcobokliblbalmjmahdebcdalglnieii",
    "fgafnjobnempajahhgebbbpkpegcdlbf",
    "fgcomdacecoimaejookmlcfogngmfmli",
    "fgmeppijnhhafacemgoocgelcflipnfd",
    "fhanjgcjamaagccdkanegeefdpdkeban",
    "flfkimeelfnpapcgmobfgfifhackkend",
    "fmahbaepkpdimfcjpopjklankbbhdobk",
    "foebfmkeamadbhjcdglihfijdaohomlm",
    "fpngnlpmkfkhodklbljnncdcmkiopide",
    "gdifegeihkihjbkkgdijkcpkjekoicbl",
    "gfcmbgjehfhemioddkpcipehdfnjmief",
    "gfdefkjpjdbiiclhimebabkmclmiiegk",
    "ggijmaajgdkdijomfipnpdfijcnodpip",
    "ghgjhnkjohlnmngbniijbkidigifekaa",
    "gllihgnfnbpdmnppfjdlkciijkddfohn",
    "gmmohhcojdhgbjjahhpkfhbapgcfgfne",
    "gofhadkfcffpjdbonbladicjdbkpickk",
    "hapicipmkalhnklammmfdblkngahelln",
    "hijipblimhboccjcnnjnjelcdmceeafa",
    "hmamdkecijcegebmhndhcihjjkndbjgk",
    "hodfejbmfdhcgolcglcojkpfdjjdepji",
    "hpfijbjnmddglpmogpaeofdbehkpball",
    "ianfonfnhjeidghdegbkbbjgliiciiic",
    "ibfjiddieiljjjccjemgnoopkpmpniej",
    "inhdgbalcopmbpjfincjponejamhaeop",
    "iondldgmpaoekbgabgconiajpbkebkin",
    "ipagcbjbgailmjeaojmpiddflpbgjngl",
    "jagbooldjnemiedoagckjomjegkopfno",
    "jdheollkkpfglhohnpgkonecdealeebn",
    "jfefcmidfkpncdkjkkghhmjkafanhiam",
    "jfgkpeobcmjlocjpfgocelimhppdmigj",
    "jghiljaagglmcdeopnjkfhcikjnddhhc",
    "jgjakaebbliafihodjhpkpankimhckdf",
    "jiiinmeiedloeiabcgkdcbbpfelmbaff",
    "jkdngiblfdmfjhiahibnnhcjncehcgab",
    "jkofpdjclecgjcfomkaajhhmmhnninia",
    "kbdbmddhlgckaggdapibpihadohhelao",
    "keceijnpfmmlnebgnkhojinbkopolaom",
    "khhemdcdllgomlbleegjdpbeflgbomcj",
    "kjdcopljcgiekkmjhinmcpioncofoclg",
    "kjgaljeofmfgjfipajjeeflbknekghma",
    "labpefoeghdmpbfijhnnejdmnjccgplc",
    "lameokaalbmnhgapanlloeichlbjloak",
    "lbeekfefglldjjenkaekhnogoplpmfin",
    "lbhddhdfbcdcfbbbmimncbakkjobaedh",
    "ldoiiiffclpggehajofeffljablcodif",
    "lhjdepbplpkgmghgiphdjpnagpmhijbg",
    "ljddilebjpmmomoppeemckhpilhmoaok",
    "ljnfpiodfojmjfbiechgkbkhikfbknjc",
    "lnedcnepmplnjmfdiclhbfhneconamoj",
    "lnlkgfpceclfhomgocnnenmadlhanghf",
    "loigeafmbglngofpkkddgobapkkcaena",
    "lpajppfbbiafpmbeompbinpigbemekcg",
    "majekhlfhmeeplofdolkddbecmgjgplm",
    "mapafdeimlgplbahigmhneiibemhgcnc",
    "mcfeaailfhmpdphgnheboncfiikfkenn",
    "mgkjakldpclhkfadefnoncnjkiaffpkp",
    "mhinpnedhapjlbgnhcifjdkklbeefbpa",
    "mihiainclhehjnklijgpokdpldjmjdap",
    "mmkakbkmcnchdopphcbphjioggaanmim",
    "mopkkgobjofbkkgemcidkndbglkcfhjj",
    "mpifmhgignilkmeckejgamolchmgfdom",
    "nabmpeienmkmicpjckkgihobgleppbkc",
    "nahhmpbckpgdidfnmfkfgiflpjijilce",
    "ncepfbpjhkahgdemgmjmcgbgnfdinnhk",
    "npaklgbiblcbpokaiddpmmbknncnbljb",
    "npdfkclmbnoklkdebjfodpendkepbjek",
    "nplenkhhmalidgamfdejkblbaihndkcm",
    "oalfdomffplbcimjikgaklfamodahpmi",
    "odnakbaioopckimfnkllgijmkikhfhhf",
    "oklejhdbgggnfaggiidiaokelehcfjdp",
    "omgeapkgiddakeoklcapboapbamdgmhp",
    "oonbcpdabjcggcklopgbdagbfnkhbgbe",
    "opahibnipmkjincplepgjiiinbfmppmh",
    "pamchlfnkebmjbfbknoclehcpfclbhpl",
    "pcfapghfanllmbdfiipeiihpkojekckk",
    "pchfjdkempbhcjdifpfphmgdmnmadgce",
    "pdpcpceofkopegffcdnffeenbfdldock",
    "pgahbiaijngfmbbijfgmchcnkipajgha",
    "pidohlmjfgjbafgfleommlolmbjdcpal",
    "pilplloabdedfmialnfchjomjmpjcoej",
    "pklmnoldkkoholegljdkibjjhmegpjep",
    "pknkncdfjlncijifekldbjmeaiakdbof",
    "plmgefkiicjfchonlmnbabfebpnpckkk",
    "pnciakodcdnehobpfcjcnnlcpmjlpkac",
    "ponodoigcmkglddlljanchegmkgkhmgb",
    ];

    document
    .querySelector("extensions-manager")
    .shadowRoot.querySelector("cr-view-manager extensions-item-list")
    .shadowRoot.querySelectorAll("extensions-item")
    .forEach((item) => {
    const name = item.shadowRoot.querySelector("#name").innerText;
    if (malicious.includes(item.id)) {
    console.log("❌", item.id, name);
    } else {
    console.log("✅", item.id, name);
    }
    });

    ------------以上是真正的执行代码-----------------

    执行结果:显示正常

    3.删除提示风险的插件

    在 Linux 上可以使用以下指令校验是否中招:

    cd /home/$USER/.config/chromium/Default/Extensions ls -a > list.txt wget awakesecurity.com/wp-content/upl…comm -12 <( sort list.txt ) <( sort GalComm-Malicious-Chrome-Extensions-Appendix-B.txt )

    mac 下chrome扩展插件安装在什么位置?

    地址栏输入chrome://version 回车用资源管理器打开"个人资料路径"栏的路径,该路径下的Extensions文件夹即默认的扩展安装路径.

    如果真中招了,目前还没有太好的解决方案。建议暂停使用自己安装的 Chrome ,先换 Microsoft Edge 。

  • 相关阅读:
    正则表达式
    http协议组成(请求状态码)
    谈一谈你对js线程的理解
    CSS 中定位方式有几种,说明他们的意义
    手机端白屏前端优化的方法,5 种以上
    用 js 写一个获取随机颜色的程序
    如何获取本地存储信息
    cuda 版本查阅
    ubuntu16.04 ROS安转及RVIZ启动
    Tensorflow和Caffe 简介
  • 原文地址:https://www.cnblogs.com/hightech/p/13180417.html
Copyright © 2020-2023  润新知