President Bannon Chrome Extension is a security problem, not a joke


Pretending that Steve Bannon is really the President was funny when Saturday Night Live did it on their opening bit. Then today, Business Insider wrote about a Google Chrome extension that replaces every mention of "Trump" with "Steve Bannon" on all web pages. Funny? Not from a Defensive Computing perspective.

Any extension that can change a specific word on every web page is inherently dangerous. Almost by definition, such an extension is spyware.

[Image: Installing the President Bannon extension to the Chrome browser. Credit: Michael Horowitz]

Sure enough, when you install the President Bannon extension (above) it needs permission to "read and change all your data on the websites you visit." This is exactly what I wrote about last time (see Spyware on a Chromebook).

I am not claiming that the President Bannon extension is malicious. I have not looked at the source code or sniffed any traffic it may be sending. It's dangerous nonetheless.

First off, no software should have this much power. And, even if it's merely a joke today, since Chrome extensions are automatically and silently updated, nothing stops it from becoming spyware tomorrow.
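The permission prompt comes from the host patterns an extension declares in its manifest.json. As an added example (not from the original article, and not the President Bannon extension's code), this JavaScript check reports every all-sites pattern in a manifest and whether it is granted at install time; both manifests are constructed samples, and the function and variable names are hypothetical.

```javascript
// Added example. Both manifests are constructed samples, not the manifest
// of any published extension.

// True when a match pattern covers every host ("<all_urls>", "*://*/*", ...).
function isBroadHostPattern(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(pattern);
}

// Returns every all-sites pattern in a manifest, with where it was declared
// and whether it is granted at install time or can be requested later.
function auditManifest(manifest) {
  const findings = [];
  const check = (source, patterns, atInstall) => {
    for (const pattern of patterns || []) {
      if (typeof pattern === "string" && isBroadHostPattern(pattern)) {
        findings.push({ source, pattern, atInstall });
      }
    }
  };
  check("permissions", manifest.permissions, true);           // Manifest V2 hosts
  check("host_permissions", manifest.host_permissions, true); // Manifest V3 hosts
  check("optional_permissions", manifest.optional_permissions, false);
  check("optional_host_permissions", manifest.optional_host_permissions, false);
  (manifest.content_scripts || []).forEach((script, i) => {
    check(`content_scripts[${i}].matches`, script.matches, true);
  });
  return findings;
}

// Constructed sample: a word-replacement extension injecting into every page.
const wordSwapManifest = {
  manifest_version: 2,
  name: "Sample word replacer",
  version: "1.0",
  content_scripts: [{ matches: ["<all_urls>"], js: ["replace.js"] }],
  optional_permissions: ["tabs", "*://*/*"],
};

// Constructed sample: the same idea limited to a single site.
const scopedManifest = {
  manifest_version: 2,
  name: "Sample scoped replacer",
  version: "1.0",
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://www.example.com/*"], js: ["replace.js"] }],
};

for (const m of [wordSwapManifest, scopedManifest]) {
  console.log(m.name, auditManifest(m));
}
```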

You might as well have someone from American Bridge ("A major Democratic-aligned super PAC" according to Business Insider) standing over your shoulder watching everything you do in the Chrome browser.

[Image: The President Bannon Chrome browser extension. Credit: Michael Horowitz]

It doesn't help that the website of the software developer says nothing at all about the extension and appears to have been abandoned. 

Or, that the description of the extension, shown below, says nothing about what it actually does.

Exposing Steve Bannon's role in some of the most dangerous and unconstitutional actions taken by Trump's Administration. A white supremacist is calling the shots in Donald Trump's White House. This extension exposes Steve Bannon's role in some of the most dangerous and unconstitutional actions taken by Trump's Administration.

Business Insider should stick to business and leave computers to us nerds. 

FEEDBACK

Now that Computerworld, and all of parent company IDG's websites, have eliminated user comments, you can get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on Twitter at @defensivecomput.

UPDATE Feb. 6, 2017: 

The story was also picked up by the Daily Kos (Democratic organization creates Google extension that turns any mention of 'Trump' into 'Bannon') and Softpedia (Chrome Extension Turns "Trump" into "Bannon," Warns About His Influence). 

A very similar extension, Steve Bannon to Wormtongue, which "Replaces Steve Bannon and President Bannon with the name 'Wormtongue'", requests the same Chrome permission.
