There was talk in 2016 about Google retiring infrastructure for Chrome Extensions. With MEGA now getting their extension hacked with spyware is it a sign it’s time to think hard about retiring the BitWarden Chrome plug-in?
As you can read in the linked article: “Extensions and themes are not at all affected by this change; in fact, they’ll soon be given a much larger focus in the Chrome Web Store.”
They retired Chrome Apps not Chrome Extensions. Those are two different things.
Do you have a source to that info?
Edit: Source for the mega breach here.
I believe the question should be how can we prevent this from happening, not just dropping support for the extension. I’m assuming this can happen to essentially any browser that runs extensions.
The two sources of information that I was able to find including the one bobby_shaftoe shared is as follows:
Perhaps the extension can check itself against a key on the server whether private and/or cloud hosted? I’d like to see what others think to avoid a situation suffered by the Mega users.
Yes I would like to know if/how Bitwarden chrome extension is immune from this kind of security breach. Maybe @kspearrin could write some statement here?
I’m wanting to know how the hackers were able to upload it in the first place? Did they hack the Google account for uploading this plugin?
They hacked their google account. There is no other way.
I assume/hope you take better precautions to protect your google account.
If hacking extension developer’s google account is what it takes to inject malicious code into the extension, then developers must be paranoiac with their account info safety.