thegreatsuspender
The Great Suspender Chrome extension hijacked
After original maintainer Dean Oemcke transferred ownership to an anonymous buyer in June 2020, the new owner published v7.1.8 to the Chrome Web Store containing tracking and remote-code-loading functionality that was never present in the open-source repository. The extension intercepted web requests for tracking and ad fraud, and could load arbitrary code from a remote server. Google removed it from the Chrome Web Store and force-disabled it for users on 2021-02-04; Microsoft pulled it from Edge for malware shortly before. Approximately 2 million users were affected.
- Date
- 2020-10-01 to 2021-02-04
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- distribution
- Impact
- Tracking
- Cause
- Maintainer ownership transfer
What Was Affected
Package
thegreatsuspender
Languagejavascript
ComponentExtension
Artifact typeextension package
Domain typepackage host
Domain
chromewebstore.google.com
Repository
github.com/greatsuspender/thegreatsuspender
Compromised Versions
- 7.1.8
Incident Context
- Motive
- Financial gain
- Attribution
- New maintainer
- Transitive
- No
- User Impact
- 2000000
- Observed Duration
- 126 days
External References
Source Data
Source record: oss/great-suspender/meta.yaml