In November, Microsoft blocked The Great Suspender extension for the presence of malicious code.
The malicious code could exploit the users of this extension in advertising fraud, tracking and more. The extension’s original creator Dean Oemcke sold the extension in June 2020 to an unknown entity, following which two new versions were released directly to users through the Chrome Web Store (7.1.8 and 7.1.9).Įxperts found out that a new maintainer of the extensions has secretly added a feature that could be exploited to execute arbitrary code remotely. The Chrome extension had millions of installs before it was removed from the Chrome store. On Thursday, Google removed The Great Suspender extension from the Chrome Web Store and deactivated it from users computers. “This extension contains malware,” read a notification published from Google. The extension replaces the suspended pages with a blank page until the user decides to use it again. The Great Suspender was used as an open-source extension that automatically suspends open tabs that haven’t been used for a while with the intent of saving resources. Copy the link and open the URL of the tabs that you want to restore manually.Google disables The Great Suspender a popular Chrome extension from the Chrome Web Store and customer’s devices because it contains malware.You will get the list of suspended tabs by The Great Suspender.Search for the Great Suspender’s extension ID: “klbibkeccnjlkjkiokjodocebajanakg.”.However, you can retrieve the lost tabs by following the following steps: The forceful disabling of The Great Suspender extension in Chrome has resulted in all suspended tabs being closed and lost for active users of the extension. As a precautionary measure, users of the extension are advised to delete the extension and change their passwords. Neither Google nor the new owner of The Great Suspender has issued an official statement regarding the issue.
The Great Suspender has been removed from the Chrome Web Store,” reads a post published by Calum McConnell on GitHub.Ĭurrently, it is unknown if the extension could make its way back into the Chrome Web Store with any future update removing all malicious content. Well, they could until Google nuked the extension from their store. The malicious maintainer remains in control, however, and can introduce an update at any time. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code running since November, and it does not appear to load the compromised script.
In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. “The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. Nevertheless, it was allowed on the Chrome Web Store following an update that reportedly removed the malicious lines of code. These suspicious updates are said to contain a tracking code that could copy user information and passwords. As per the information shared on the plugin’s official Github repository, the new maintainers of the plugin has since then sneaked in various updates to the plugin that has looked suspicious, prompting Microsoft to ban the extension from Edge browser’s extensions marketplace. However, there was a change of ownership in June 2020 when Google sold the extension to a third party. The Great Suspender was released as a solution to this problem making it a hugely useful and popular extension among Chrome users. Over the years, the Chrome browser has been infamously known for consuming a lot of RAM and taking up computer memory when a user opens multiple tabs. It replaces the suspended pages with a blank page until the users decide to use it again. For those unaware, The Great Suspender is an extension that focusses on reducing Google Chrome’s RAM usage by shutting down tabs that have not been used for a certain period.