Researchers have discovered that the developer of SafeBrowse Chrome extension with more than 140,000 users has inserted a JavaScript library in the extension’s code that consumes the CPU and mines for the Monero cryptocurrency using users’ machines and without getting their approval.
By analyzing the SafeBrowse extension’s source code, anyone can simply detect that the developer embedded the Coinhive JavaScript Miner, which offers a JavaScript miner for the Monero Blockchain (or others CryptoNote-based currencies) that you can embed in your website.
According to coin-hive.com:
“The Coinhive JavaScript Miner lets you embed a Monero miner directly into your website. The miner itself does not come with a UI – it’s your responsibility to tell your users what’s going on and to provide stats on mined hashes.
While it’s possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.”
The extension code starts a process that runs at all times in the browser’s background and drains the CPU power to mine for Moner currency, but for the profits of the SafeBrowse developers.
The extension has been removed from the Google Store, and the official website didn’t say anything about the addition of the Coinhive code.