Skip to main content

A sneaky extension for Chrome, Firefox prevents its removal, hijacks browser

Chrome Apps
Image used with permission by copyright holder

Internet security firm Malwarebytes recently discovered that a pair of extensions will not only hijack Chrome and Firefox, but will block any attempts to remove them from these two browsers. The version found in Chrome is a forced extension resulting from web pages that trick visitors into installing the extension via a JavaScript-based popup. The Firefox version stems from advertisements pretending to be an official manual update requirement warning posted by Mozilla. 

“Tiempo en colombia en vivo” is the name of the invading Chrome extension. Malwarebytes doesn’t provide any specifics about what this extension actually does to Chrome but presumably, it completely hijacks the browser to push technical support scams, drive click numbers on specific websites, or completely hijack web searches. The company’s listing says it could spy on your web browsing activities too. 

It’s essentially force-installed by hijacking the browser on websites supporting the extension. If you try to leave the page, a popup appears asking to add an extension for exiting the page. If you select cancel, another popup will appear with an additional tick box that says “Prevent this page from creating additional dialog.” Check the box, hit “OK,” and the browser goes full screen with a popup revealing the name of the extension that is supposedly distributed through the Chrome Web Store. 

Thinking it’s legit, Chrome users install the extension. But the problems only get worse for there. When Chrome users attempt to access the in-browser extensions section, they are directed to a fake extension page that doesn’t list the installed, offending extension. Because this page is internal, disabling JavaScript doesn’t fix the problem. The only way to regain control is to add “–disable-extensions” after chrome.exe in the shortcut command line (which disables all extensions), or rename the “1499654451774.js” file in the extensions folder. 

Meanwhile, the Firefox extension takes a different route. Victims will see a web-based advertisement warning that Firefox requires a manual update. Taking the bait, they inadvertently install the offending extension, which prevents them from accessing the internal “about:addons” page by closing the tab. To remove the extension, you can restart Firefox in safe mode. Extensions are not active in this state, thus you can remove any add-on before restarting the browser. 

“If you are kept on a Firefox tab by JavaScript(s) that keep popping up with prompts, and you are unable to close the window in the usual way, you can terminate Firefox by using Task Manager,” the company states. “When you restart Firefox, it will not be able to restore the session for that tab.” 

Believe it or not, Task Manager is your best friend in Windows. Simply type CTRL+ALT+DEL, and you can open the Task Manager window to force-close any browser tab that refuses to close. You don’t need to install anything to escape the clutches of a malicious web page. Even more, Google and Mozilla absolutely do not send warning advertisements on web pages to manually upgrade your browser. Updates are typically performed behind the scenes. 

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This Chrome extension lets hackers remotely seize your PC
A depiction of a hacker breaking into a system via the use of code.

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled 'Cloud9' is also capable of logging keystrokes, as well as distributing ads and malicious code.

Read more
The latest Firefox release redesigns its private browsing feature
A symbol of the Mozilla Firefox logo.

Mozilla is releasing its latest version of the Firefox browser as of Tuesday with a focus on privacy, accessibility, and customization, according to the brand.

The new release will include a number of features, but one notable highlight is the introduction of a shortcut button for Private Browsing mode that you can pin to your desktop. This is a feature intended for easy access to the feature that is typically found within the triple bar icon at the upper right corner of the browser or when right-clicking the Firefox icon on the Windows taskbar with a mouse or trackpad. While it might not be extremely tedious, this feature takes out some extra steps for those who wish to take advantage.

Read more
Google Chrome tops this list of most vulnerable browsers
Google Chrome logo appears over photo of laptop with chart of vulnerabilities.

According to a recent report, Google Chrome is the most vulnerability-ridden browser of all the major players. Chrome also happens to be the most popular browser in the world, accounting for over 60% of usage according to most sources, which means that a larger number of people are at risk until the bugs are fixed.

Every browser suffers from these security weaknesses from time to time, including the increasingly popular Apple Safari, Microsoft Edge, and Mozilla Firefox, but Chrome has had a startlingly high number of weaknesses in 2022. The vulnerability report from Atlas VPN summarized data found in the VulDB vulnerability database. In this year alone, 303 vulnerabilities have been detected in Google Chrome. Firefox came in a distant second with 117, while 103 were found in Edge, and only 26 in Safari.

Read more