Few hours back we’ve covered about Axis browser launched by Yahoo, Axis browser available as an add-on for Chrome, Firefox, IE and Safari. Something gone wrong in case of Chrome extension as Yahoo accidentally included their certificate private key in the extension package which tells Chrome as it is certified and came from Yahoo, this was spotted by @nikcub and same has been reported to Yahoo Security first then he covered the details about how the extension can be spoofed using Yahoo’s private key in his blog. So anyone with bad intent can misuse this extension by using Yahoo private key by adding addition of malicious code to it, Chrome can installs that on user’s Computer as it comes from trusted Yahoo. What happened now is that Yahoo has removed that extension from Axis page and published a new extension, hope this time no private key is included in the extension package.
Yahoo removes Axis Chrome Extension that has its private key included
Ethan Batraksi supposed to product management @Yahoo Search posted a comment on Nik blog post that covered the issue by asking the apology what had happened and they’ll release a new chrome extension with in next 30 min of time. This Comment posted one hour ago and indeed new extension is now available from Yahoo Axis site. Here is the excerpt of Ethan comment
“A new chrome extension will be available within the next 30 min with this issue resolved. We apologize for the inconvenience.
What Chrome users who installed Axis Extension earlier need to do is uninstall that extension and install the new one from Yahoo Axis page.