UBlock Origin - An efficient blocker for Chromium and Firefox. gorhill/uBlock. UBlock origin for Edge chromium? I could swear it was available yesterday and now today that I reinstalled Windows (for a clean 1903 install) I don't see it anymore in the windows store. Only available for the regular edge browser. Nov 23, 2020 Browser extensions can extend the functionality of the web browser they are installed in or a site significantly; this is true for all browsers that support extensions, and the new Chromium-based Microsoft Edge is no exception to the rule.
Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on Github.
Ublock Origin Edge Chromium Extension
Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total.
Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code.
The first thing Hill noticed the new extension doing was checking if the user had opened the developer console. If it was opened, the extension sent a file titled 'report' to a server at https://def.dev-nano.com/. “In simple words, the extension remotely checks whether you are using the extension dev tools—which is what you would do if you wanted to find out what the extension is doing,” he wrote.
The most obvious change end users noticed was that infected browsers were automatically issuing likes for large numbers of Instagram posts, with no input from users. Cyril Gorlla, an artificial intelligence and machine learning researcher at the University of California in San Diego, told me that his browser liked more than 200 images from an Instagram account that didn’t follow anyone. The screenshot to the right shows some of the photos involved.
Nano Adblocker and Nano Defender aren’t the only extensions that have been reported to tamper with Instagram accounts. User Agent Switcher, an extension that had more than 100,000 active users until Google removed it earlier this month is reported to have done the same thing.
Many Nano extension users in this forum reported that their infected browsers were also accessing user accounts that weren’t already open in their browsers. This has led to speculation that the updated extensions are accessing authentication cookies and using them to gain access to the user accounts. Hill said he reviewed some of the added code and found that it was uploading data.
“Since the added code was able to collect request headers in real-time (through websocket connection I guess), this means sensitive information such as session cookies could be leaked,” he wrote in a message. “I am not a malware expert so I can't come up with *all* that is possible when having real-time access to request headers, but I do get that it's really bad.”
Other users reported that sites other than Instagram were also being accessed and tampered with, in some cases, even when the user hadn’t accessed the site, but these claims couldn’t immediately be verified.
Alexei, an Electronic Frontier Foundation senior staff technologist who works on the Privacy Badger extension, has been following the discussions and provided me with the following synopsis:
The gist is that the Nano extensions were updated to surreptitiously upload your browsing data in a remotely configurable way. Remotely configurable means that there was no need to update the extensions to modify the list of websites whose data would be stolen. In fact, the list of websites is unknown at this time as it was remotely configured. There are many reports of users' Instagram accounts being affected, however.
Ublock Origin Extension Chrome Download
Evidence collected to date shows that the extensions are covertly uploading user data and gaining unauthorized access to at least one website, in violation of Google terms of service and quite possibly applicable laws. Google has already removed the extensions from the Chrome Web Store and issued a warning that they aren’t safe. Anyone who had either of these extensions installed should remove them from their machines immediately.
AdvertisementNano Adblocker and Nano Defender are available in the extension stores hosted by both Firefox and Microsoft Edge. Xu and others say that neither of the extensions available in these other locations are affected. The caveat is that Edge can install extensions from the Chrome Web Store. Any Edge users who used this source are infected and should remove the extensions.
The possibility that the extensions may have uploaded session cookies means that anyone who was infected should at a minimum fully log out of all sites. In most cases this should invalidate the session cookies and prevent anyone from using them to gain unauthorized access. Truly paranoid users will want to change passwords just to be on the safe side.
The incident is the latest example of someone acquiring an established browser extension or Android app and using it to infect the large user base that already has it installed. It’s hard to provide actionable advice for preventing this kind of abuse. The Nano extensions weren’t some fly-by-night operation. Users had every reason to believe they were safe until, of course, that was no longer the case. The best advice is to routinely review the extensions that are installed. Any that are no longer of use should be removed.
THERE WAS NEW UPDATES, THIS POST IS NOW OBSOLETE. UPDATE TO THIS POST WILL COME SOON.
The Chromium-based Microsoft Edge browser has been officially released to the masses and I’m pleased to begin working on deploying the official stable release along with new GPO policy settings.
Full disclosure: I install uBlock Origin and use a whitelist for company websites. I encourage everyone else to do the same. Please see my uBlock Origin post if you need further guidance on its configuration.
Here are the policy settings that I used for Edge:
HKLM (settings users cant override)
Top level:
Always open PDF files externally - enabled
Automatically import another browser's data and settings - enabled/import chrome
Set Microsoft Edge as default browser - disabled
Hide the first-run experience and splash screen - enabled
Allow user feedback - disabled
Default search provider:Enable the default search provider - enabled
Default search provider search URL - enabled / https://www.google.com/search?q={searchTerms}
Extensions:Control which extensions cannot be installed - enabled
bjicifbhnpakmaekfnphojjehhnifkmc (Search and New Tab by Yahoo)
efaidnbmnnnibpcajpcglclefindmkaj (Adobe Acrobat)
There are two sources to obtain uBlock Origin, either from the Google store or Microsoft store. Options for both are below.
Google store version of uBlock Origin:
Control which extensions are installed silently - enabled / cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crxConfigure extension management settings - enabled / Copy uBlock backup and paste it here:
Microsoft store version of uBlock Origin:Control which extensions are installed silently - enabled / odfafepnkmbhccpbejgmiehpchacaeak;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Configure extension management settings - enabled / Copy uBlock backup and paste it here:
Printing: Print using system print dialog - enabled
Set the system defaul printer as the default printer - enabled
_____________________________________________
HKCU Level (Settings users can override)
Top level: Continue running background apps after Microsoft Edge closes - Disabled
Clear browsing data when Microsoft Edge closes - enabled
Password manager and protection:Enable saving password to the password manager - enabled
SmartScreen settings:Configure Microsoft Defender SmartScreen - enabled
Startup, home page and new tab page: Show Home button on toolbar - enabled
Configure the home page URL - enabled / https://www.companywebsite.com
Configure the new tab page - enabled / https://www.google.com/?gws_rd=ssl
Action to take on startup - enabled / Open a list of URLs
Sites to open when the browser starts - enabled / https://www.google.com/?gws_rd=ssl
_________________________________________________
Here’s a link to the registry key created when applying the final settings. Caveat: this is the Google store version of uBlock, change out the extension paths with Microsoft store’s if you wish to use it instead: https://github.com/SysAdminDoc/Windows10/blob/master/EdgeGPO.reg
Comments are closed.