WTF?! EditThisCookie was a popular Chrome extension designed to edit cookie data stored in the browser’s local database. Once used by over three million users, the extension has now been replaced by a counterfeit copycat that has no connection to cookies or browser security. On the contrary, it appears to undermine both.

The original EditThisCookie extension is no longer available, giving way to a similarly named browser add-on, EditThisCookie®. Google appears to have removed the original extension from the Chrome Web Store, yet the counterfeit add-on remains accessible for download. Unfortunately for Chrome users, the fake EditThisCookie® is malicious and should never have been allowed on the Web Store in the first place.

Before Google’s removal, the malicious add-on had approximately 30,000 users. Now, the EditThisCookie® page claims 50,000 users, promoting itself as a legitimate cookie manager. However, reviews are overwhelmingly negative, with users criticizing the extension for its malicious behavior and its status as a clone of the original.

Malware analyst Eric Parker recently shared a YouTube video exposing the fake add-on, detailing its many hidden threats. The extension links to a fraudulent website, contains obfuscated code, and is capable of stealing sensitive information – particularly when users visit Facebook. Additionally, it includes phishing routines and mechanisms for distributing advertisements.

While there are no official explanations for the disappearance of the original EditThisCookie tool, the most plausible reason is its incompatibility with Google’s Manifest V3 adoption. Google is determined to phase out the older Manifest V2 extension technology in favor of Manifest V3, which is claimed to offer improved security.

The widely popular uBlock Origin was the first high-profile casualty of this migration, and EditThisCookie appears to be the next. Meanwhile, the cybercriminals behind the fake EditThisCookie® extension have been resourceful – or opportunistic – enough to update their code to comply with Manifest V3 requirements. In contrast, the original developer may have chosen to focus on other priorities.

The case of EditThisCookie highlights the glaring shortcomings of Manifest V3 in enhancing browser security. Despite Google’s intentions, the new standard seems ineffective, and the situation could worsen as other popular Manifest V2 extensions vanish from the Chrome Web Store. Digital criminals are likely exploiting these gaps, keeping a close eye on the ongoing transition.

In response, third-party browsers like Mozilla Firefox are offering a superior extension experience, supporting both Manifest V2 and V3 frameworks. This flexibility could attract users seeking a more secure and functional browsing environment.