Google Chrome的熱門擴充功能「Save Image as Type」被Google官方發現裡頭竟暗藏惡意程式碼,目前該功能已遭封鎖並從線上應用程式商店下架。
「Save Image as Type」在線上擁有超過100萬人次下載,此功能可以輕鬆把網頁圖片按右鍵轉存為JPG或PNG等不同格式,累積不少用戶使用,評分甚至有4.2顆星星。
然而,根據外媒體報導,近期遭分析發現其內部檔案中藏有名為「inject.js」的程式碼,該程式碼會觸發與伺服器的通信,並產生一個 URL 清單,然後,該擴充功能會利用這些資訊來載入對應的「聯盟行銷分潤連結」,從而竊取用戶點擊原始連結的佣金。雖然目前沒有證據顯示它會在電腦中直接植入病毒或惡意軟體,不過蒐集使用者的瀏覽紀錄之行為,已嚴重引發隱私爭議。
值得注意的是,此惡意程式有個特殊設計,使用者需要先下載一定數量圖片才會啟動,並不是隨時啟動。
報導還指出,此問題恐怕與擴充功能在2024年8月易主有關,而微軟早已在2024年底把其Edge瀏覽器中移除,Google Chrome則是在今年3月才正式下架。
'%3e%3cpath%20d='M195.06%2051.1096L116.493%2038.7498C113.602%2038.2951%20110.821%2040.0467%20109.983%2042.848L99.4573%2078.0057L98.5717%2080.9652L94.4043%2094.8867L112.554%2091.5437L177.269%20112.754C180.395%20113.778%20183.75%20112.025%20184.693%20108.875L199.755%2058.5646C200.771%2055.1722%20198.561%2051.6612%20195.062%2051.1116L195.06%2051.1096Z'%20fill='%23B0DFFF'/%3e%3cpath%20d='M166.485%2077.1477C165.793%2079.4607%20167.106%2081.8963%20169.419%2082.5882C171.732%2083.2802%20174.167%2081.9675%20174.859%2079.6545C175.551%2077.3415%20174.238%2074.9059%20171.925%2074.2139C169.612%2073.522%20167.177%2074.8347%20166.485%2077.1477Z'%20fill='white'/%3e%3cpath%20d='M145.899%2070.9836C145.208%2073.2967%20146.52%2075.7322%20148.833%2076.4242C151.146%2077.1161%20153.582%2075.8034%20154.274%2073.4904C154.966%2071.1774%20153.653%2068.7418%20151.34%2068.0499C149.027%2067.358%20146.591%2068.6706%20145.899%2070.9836Z'%20fill='white'/%3e%3cpath%20d='M125.312%2064.8196C124.62%2067.1326%20125.932%2069.5682%20128.245%2070.2601C130.558%2070.952%20132.994%2069.6393%20133.686%2067.3263C134.378%2065.0133%20133.065%2062.5777%20130.752%2061.8858C128.439%2061.1939%20126.004%2062.5066%20125.312%2064.8196Z'%20fill='white'/%3e%3cpath%20d='M5.25804%200.00279501L74.4703%202.27626C77.0166%202.35929%2079.1082%204.3125%2079.3672%206.84692L82.6212%2038.6359L82.896%2041.3107L84.185%2053.8978L69.2097%2048.0718L10.3981%2055.6296C7.55918%2055.9954%204.97534%2053.9473%204.68473%2051.0985L0.0270836%205.61134C-0.287248%202.54315%202.17601%20-0.0980284%205.25804%200.00279501Z'%20fill='%230073B8'/%3e%3cpath%20d='M25.4393%2026.9418C25.6528%2029.0334%2024.1325%2030.9016%2022.041%2031.1151C19.9494%2031.3286%2018.0812%2029.8083%2017.8677%2027.7167C17.6541%2025.6251%2019.1744%2023.7569%2021.266%2023.5434C23.3576%2023.3299%2025.2258%2024.8502%2025.4393%2026.9418Z'%20fill='white'/%3e%3cpath%20d='M44.0521%2025.036C44.2656%2027.1276%2042.7453%2028.9958%2040.6537%2029.2093C38.5622%2029.4228%2036.694%2027.9026%2036.4804%2025.811C36.2669%2023.7194%2037.7872%2021.8512%2039.8788%2021.6377C41.9704%2021.4242%2043.8386%2022.9444%2044.0521%2025.036Z'%20fill='white'/%3e%3cpath%20d='M62.6668%2023.1303C62.8803%2025.2218%2061.3601%2027.09%2059.2685%2027.3036C57.1769%2027.5171%2055.3087%2025.9968%2055.0952%2023.9052C54.8817%2021.8136%2056.4019%2019.9454%2058.4935%2019.7319C60.5851%2019.5184%2062.4533%2021.0387%2062.6668%2023.1303Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_926_14682'%3e%3crect%20width='200'%20height='113.047'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
無任何留言,趕緊搶頭香!