There was a risk of millions of users’ account information being leaked due to a bug in the Skype extension.
When security researcher Vladimir Palant turned his attention to the Skype for Chrome extension, which has been installed by 9 million users, he discovered a minor bug that allowed websites to access users’ account information. Should be generally prohibited.
“The issue of privacy is simple,” he said. The extension leaks your Skype name to any website. Username and profile picture can be extracted from Skype name.
According to the researcher, the problem was in the method of identifying the extension, which can determine if a user is logged on to a Microsoft account.
Also Read: Microsoft Skype Is Getting New Changes Soon
Palent said he raised the issue with Microsoft for example on December 1, 2021, but failed to get a concrete response from the company’s security team.
The Skype extension was finally updated on February 24, shortly before the March 1 deadline set by the researcher.