Google Chrome: legit EditThisCookie extension removed instead of malicious copycat

Martin Brinkmann
Dec 31, 2024
Google Chrome, Google Chrome extensions
|
14

EditThisCookie is a specialized extension for Google Chrome that you may use to edit cookie data stored by the browser. I mentioned it back in 2015 here on Ghacks.

The extension, with over 3 million users and 11,000 ratings, has been removed from the Chrome Web Store. What Google has not removed is a copycat extension, first called EditThisCookies and now EditThisCookie®, which is malicious.

When you try to launch the Chrome Web Store address of the legitimate extension, you get the "This item is not available" error message. The page of the fake extension is still up (not linked, because it is malicious).

Eric Parker, known for his malware investigations, analyzed the malicious extension in a YouTube video.

The extension had 30,000 users at the time the video was published on YouTube. Today, it sits at more than 50,000 users.

Parker installed the extension on a test system and discovered several anomalies. These include:

  • A fake website for the fake extension.
  • Obfuscated code.
  • Information stealing code, especially when on Facebook.
  • Phishing.
  • Advertising code.

The researcher did not find code to exfiltrate cookie data, which means that session cookies are not touched by the analyzed version of the extension.

With automatic extension updates enabled by default in Chrome, there is a chance that additional spyware or malware capabilities are added via updates.

Chrome and Chromium users may want to check the list of installed extensions to see if the fake one is installed on their devices.

Just load chrome://extensions/ in the browser's address bar to get a list of all user-installed extensions. If you see EditThisCookies or EditThisCookie®, then you have the fake one installed. Remove it immediately in that case.

An alternative is Cookie Editor.

Good to know: our guide on verifying Chrome extensions.

Closing Words

The fate of the original popular cookie editing extension for Chrome is unclear at this stage.

A check on the legitimate's extension presence on GitHub suggests that it may have something to do with missing Manifest V3 support. The extension appears to have been unavailable since at least July 2024.

While it would make for a great headline, that Google removed the wrong extension, it seems more likely that the legitimate extension was removed because it does not support the new extensions ruleset for Chrome.

Google's web store had and still has a massive copyat extension problem. Back in 2015 and 2017, I noticed that the store hosted numerous "uBlock" extensions. All of them, with the exception of uBlock Origin, were copycats.

Expect more copycats of extensions that are not updated from the old extensions manifest to the new in the near future.

What is your take on this?  Do you vet Chrome extensions before installation?

Summary
Google Chrome: legit EditThisCookie extension removed instead of malicious copycat
Article Name
Google Chrome: legit EditThisCookie extension removed instead of malicious copycat
Description
EditThisCookie, an extension with over 3 million users, is no longer available on the Chrome Web Store. Its fake copycat is, however. Here is what happened.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. craig said on January 10, 2025 at 4:11 pm
    Reply

    @ Guest “Brave has crypto spyware so good luck.”

    PROVE IT!!!

  2. Anonymous said on January 9, 2025 at 4:51 pm
    Reply

    What has happened to gHACKS. It seems to have died. Very sad.

  3. ilev said on January 7, 2025 at 5:15 pm
    Reply

    The extension on Chrome displays :

    EditThisCookie
    1.6.3
    This extension is not trusted by Enhanced Safe Browsing.

  4. ilev said on January 6, 2025 at 11:41 am
    Reply

    EditThisCookie
    1.6.3
    This extension is not trusted by Enhanced Safe Browsing

  5. allen said on December 31, 2024 at 1:57 pm
    Reply

    Yes, this is the extension system that Mozilla was so hot to incorporate into Firefox that it blew away its 25+% market share for browsers to be a part of (along with getting rid of XUL).

    Users? …what users?

    I gotta wonder if Firefox wouldn’t have more users than Chrome by now what with Google forcing Manifest v3 everywhere it can. (At least, I never would have left.)

    1. Anonymous said on January 1, 2025 at 4:19 pm
      Reply

      Yes it’s clearly Mozilla’s fault Google has malicious extensions. That’s why we should use Chromium browsers.

    2. Seeprime said on January 1, 2025 at 12:39 am
      Reply

      Mozilla confused many users when they made radical changes to their UI years ago. It’s been heading downhill ever since.

      1. Carl Breen said on January 5, 2025 at 2:47 pm
        Reply

        You sound upset.

    3. Anonymous said on December 31, 2024 at 6:56 pm
      Reply

      That’s why I use Brave. Brave’s uses Google’s extension store, and many other Google services rather than failing like Firefox and trying to make their own.

      Why not just you Google Chrome you ask, because Brave has no connection to Google, unlike Firefox.

      1. Guest said on January 8, 2025 at 12:12 pm
        Reply

        Brave has crypto spyware so good luck.

      2. foolishgrunt said on January 2, 2025 at 7:09 pm
        Reply

        ^Self contradiction, much?

  6. Anonymous said on December 31, 2024 at 10:44 am
    Reply

    Why not just use the build-in cookie editor?

    1. Anonymous said on January 2, 2025 at 6:47 am
      Reply

      Because this allows to export and import stuff easier.

      But anyway, if anyone wants to do anything with cookies, it would be just easier just to use the devtools or nirsoft’s cookie view and then use the adblocker like Adguard, uBlock or Brave to add the cookies back, so you can get logged in accounts even if you use private modes and other browsers, of course some need local storage but it’s easy to deal with it without these extensions.

      So while some extension makes thing easier, I don’t think it is necessary, especially cookies, when in recent years more and more pages use Local Storage or indexedDB for it.

  7. Chris said on December 31, 2024 at 7:26 am
    Reply

    yet another and more better alternative is Cookie Editor at
    chromewebstore.google.com/detail/cookie-editor/iphcomljdfghbkdcfndaijbokpgddeno

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.