These Browser Extensions Spy on 8 Million Users

This work investigates the upalytics.com library for Chrome and Firefox extensions, which performs real time tracking of users on all sites they visit. The code is bundled with free extensions in the official extension stores, exfiltrating browsing history as a feature. Within the top 7,000 Chrome extensions, the library is used 42 times with over 8 million installations, the most widely used one has 1.48M installations alone. For Mozilla Firefox we found 400,000 users to be affected. We also look into the relationship of upalytics with similarweb.com, a third-party web analytics company, which is using that library for their own extension. We reported the suspicious Chrome extensions in March 2016 and they were deleted from the Google Chrome Web Store within 24 hours. Mozilla deleted three out of five reported extensions. In August 2016 we reviewed the Chrome Web Store and found no evidence of this library in the top 7,000 extensions. While this work focuses on one privacy perpetrator, tracking in browser extensions presents a wider research problem.