Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal.
The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs, and execute scripts. In more detail, the permissions are:
Tabs: manage and interact with browser windows
Cookies: set and access stored browser cookies based on cookie or domain names (ex.,