Adobe Sneaks a Google Chrome Extension in Latest Security Update to Collect Data

I noticed the Google Chrome Extension for Adobe Acrobat added to my browser when I opened Chrome. I am sure you also would have found the same. If you did and clicked on Remove button, you are safe but if you chose to let the extension be there in your browser, you might be in a little trouble.

On this Tuesday, Adobe released some latest updates that fix security issues and vulnerabilities regarding Adobe Reader. But, according to SwiftOnSecurity, the Google Chrome extension has another purpose. It is not there to fix vulnerabilities but to extract data about your system. The extension also asks for various permissions such as to Read and Change the entire data you have entered on other websites that you often visit. This plugin asks permission for three things:

“Read and change all data on the websites you visit,” “manage your downloads,” and “communicate with cooperating native applications.”

 

The extension gets installed on the system directly and also includes telemetry features for collecting data. The data is sent to the Adobe’s servers, there the company uses it for their own purpose. Adobe claims that they only use information about your browser type and version installed on the system and no personal data is being collected. But still, combining a Chrome extension into a security update is very suspicious act considering that most users are going to install it unknowingly.

The extension has been named Adobe Acrobat and it automatically gets added to Chrome while the system is installing Adobe’s latest update. But, it does require users’ permission for its activation on the system. However, users are not prompted to let it be installed on the system while the security patch is deployed and therefore, it is evident that Adobe is trying to embed telemetry data collection extension on systems where Adobe Acrobat Reader is installed.

 

Related posts

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

Kia Dealer Portal Vulnerability Risked Millions of Cars