New Microsoft Edge Browser is Based on Chromium
The new Microsoft Edge browser is based on Chromium, the same engine that powers Google Chrome. So it’s capable of running an extension published in the Chrome Web Store.
However, at the same time, Microsoft also maintains its own add-on stores. Where the company says it’s only publishing recommended extensions that have been previously verified and validated for its browser.
Only that just like it happens in the case of Google Chrome and Mozilla Firefox, Microsoft Edge extensions are prone to various infections that could end up with users exposed.
Dark Theme for Edge
Moreover, this is what happened recently when malicious code discovered in a clone of the more famous Dark Reader extension. Called “Dark Theme for Edge,” the knockoff came with code hidden in a PNG file that powered the downloading and execution of other malicious code from a C&C server. When the attack was complete, the extension was capable of collecting data from webpages using fake forms and then upload it to a server controller by the attacker, the dev of Dark Reader explains.
Microsoft already removed the extension:
Similar clones also discovered in the extension stores maintained by Google and Mozilla. And the developer says he actually reached out to both companies in April. Nevertheless, Microsoft only recently targeted, so a similar message was sent to the software giant too.
The good news is that Microsoft responded quickly and removed the malicious extension from its store. Additionally, the company has also uninstalled the extension from devices where it previously deployed in an attempt to protect these computers. So users will now see a warning that “this extension contains malware.”
At the time of writing, the malicious Dark Reader clones also banned from the Google Chrome Web Store and Mozilla add-on store.