It doesn’t take long for Google and Mozilla to remove Web of Trust (WOT) add-on from Chrome and Mozilla add-on stores after reports surfaced in the German media that the company of add-on is selling add-on users browsing history without even anonymising it. WOT add-on has been installed and trusted by millions of users around the world for protection in Chrome and Firefox web browsers to see safety ratings for websites.

Web of Trust add-on removed

The extension has been silently removed and no longer available in the Chrome Web Store for download, same has been the case with Firefox’s version, but a bug has been submitted about the add-on being malicious citing German news sites report as source, after evidence found and analysis behind it disclosed by Rob that add-on can able to remotely execute arbitrary commands on any page, Firefox browser vendor has blacklisted the WOT extension.

web-of-trust-addon-selling-browser-history-removed-from-firefox-and-google-add-ons-sites

Rob is a Security Technology student and active contributor to open-source software projects and who is volunteer AMO editor working on Firefox WebExtensions.

This damage could be even worse for users as revelations found WOT can do anything ranging from stealing banking credentials to installing malware on the user’s computer, luckily that did not happened.

WOT add-on analysis Summary

The WOT add-on can execute arbitrary code on any page, including privileged browser pages.
Impact and severity: Critical. If WOT wants to, they can do anything ranging from stealing banking credentials to installing malware on the user’s computer.
At the time of analysis, this functionality was not abused.