EditThisCookie is a specialized extension for Google Chrome that enables users to alter cookie data saved by their browser. I initially spotlighted it in 2015 on Ghacks.
This extension, which has garnered over 3 million users and received 11,000 ratings, has been removed from the Chrome Web Store. Nonetheless, a misleading imitation, initially named EditThisCookies and currently known as EditThisCookie®, is still up for download and has been flagged as malicious.
When users try to access the link for the original extension in the Chrome Web Store, they encounter an error message that says, “This item is not available.” Meanwhile, the page for the deceptive extension, which I will refrain from linking due to its harmful intent, remains active.
Eric Parker, well-known for his work on malware investigations, evaluated the malicious extension in a YouTube video.
At the time of the video’s release, the extension had about 30,000 users, but this number has now climbed to over 50,000.
Parker conducted tests on a secure system and revealed multiple anomalies, including:
- A fake website for the rogue extension.
- Obscured code.
- Scripts designed to extract information, particularly in conjunction with Facebook.
- Phishing schemes.
- Advertising-related code.
It is important to note that the researcher found no evidence suggesting the code was configured to extract cookie data, implying that the version analyzed does not tamper with session cookies.
Given that Chrome has automatic updates for extensions enabled by default, there is a risk that additional spyware or malware features could be integrated through updates.
Users of Chrome and Chromium are urged to check their installed extensions for the presence of the fraudulent version.
To do this, simply enter chrome://extensions/ into the browser’s address bar for a full list of all installed extensions. If you find EditThisCookies or EditThisCookie®, it indicates that you have the counterfeit extension, which should be removed promptly.
An alternative option worth considering is Cookie Editor.
The fate of the original popular cookie-editing extension for Chrome is currently unclear.
A review of the legitimate extension’s status on GitHub suggests that this issue may stem from a lack of support for Manifest V3. It seems the extension has been unavailable since at least July 2024.
While it would make a significant story to claim that Google mistakenly removed the proper extension, it appears more likely that the legitimate version was taken down due to non-compliance with new Chrome extension regulations.
Google’s web store continues to face a substantial issue with copycat extensions. In both 2015 and 2017, I pointed out that the store included many “uBlock” extensions, all of which, aside from uBlock Origin, were fakes.
Expect an increase in copycat extensions that have not transitioned to the updated extension manifest in the near future.
Image Source: ada Images / Shutterstock