Big news for anyone who uses Chrome and MEGA.nz for their cloud storage! For the savvy security people, the use of extensions and add-ons are something they are cognizance of while downloading and possibly editing app codes before installing. However, this should be a wakeup call for the normal everyday user who thinks little of security and puts faith into Google for their apps.

Third party extensions do not get thoroughly reviewed before being added to Google’s webstore. The hacking of the MEGA extension (version 3.39.4) involves a trojan that request auto updates and elevated permissions. This breach makes me wonder how to distinguish what updates my system really needs. How is the average person to know what to do? Was always under the assumption to get the most recent updates, as they have the patches required to combat bugs in the system. So, is the only warning due to the elevated permissions…and do most people just hit accept without reading what they are accepting?

9.4.2018 – https://mega.nz/blog_47

9.3.2018 – https://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html
Swati Khandelwal (accessed 9.8.18)

Sept 18 – https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/ (accessed 9.8.18)

Topic