If You Run The Great Suspender Plugin, STOP NOW!

The Chrome/Chromium browser extension The Great Suspender has a long history as a quality browser extension.

It’s purpose is relatively simple – reduce the resources used by tabs that a user is not “actively” using. Many years ago, it was necessary, since Chrome was not particularly aggressive about reducing the resources used by background tabs.

I rarely use Chrome now, (I mainly run Vivaldi) but when I do, I’ve noticed improvements in how Chrome handles background tabs. I still ran The Great Suspender, though, but cause it was a quality plugin and gave me a little bit of insurance that Chrome wasn’t hogging resources.

However, I’m removing it from all my Chrome/Chromium browsers today, and you should too!

Here’s why:

The Short Version

In June of 2020, the current maintainer of The Great Suspender (Dean Oemcke) announced that he was passing on control of the plugin to a new owner.

While no information about the new owner was released, Dean said that “the project will remain open source and the code here on GitHub will continue to reflect the code published to the chrome webstore”.

This is not an unusual move by Dean. Maintaining a plugin like this can take a lot of time and it doesn’t make much money.

However, this new anonymous maintainer has made several questionable moves lately. Some bordering on malware injection.

While some of these moves have been walked back (after lots of outcry on Github and Twitter), the new plugin maintainer hasn’t come forward to explain anything. Worse, there’s nothing stopping the current plugin owner from trying the same potential malware-injection again in a few months.

The Long Version

If you’re interested in diving more in the weeds on this, here’s the long version!

After taking over this plugin, the new (anonymous) maintainer made a few “interesting” (and silent) updates to the plugin.

These updates did the following:

  • Allow the plugin to connect to 3rd party servers (and execute code found there).
  • Allow the plugin to modify browser web requests.
  • An update to the plugin was pushed to Chrome in October of 2020, but no updates it’s open-source repository. (Remember, the plugin was supposed to stay open-source).
  • Noteably not done: update the plugin owner and tracking information on the Google Chrome web store. (Remember, this transition happened in mid-2020!)

As if all of this wasn’t troubling enough, the plugin appears to be outright lying about some of the 3rd-party software (Open WebAnalytics) it’s using. According to this excellent Github comment by TheMageKing:

Although OpenWebAnalytics is a real software, it does not provide the files executed by the extension. [The files used by the extension] are hosted on the unrelated site owebanalytics.com, which turns out to be immensely suspicious. That site is one month old, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. However, the site contains no real information other than the tracking scripts, and is only found in the context of this extension. Most importantly, the minified javascript differs significantly from that distributed by the OWA project.

Despite all of this discussion on Github, the new maintainer has been completely silent. You would expect a legitimate developer to try and explain the reason for their changes. Especially changes that cause such an uproar, but there have been no statements released.

The Solution

Uninstall The Great Suspender ASAP.

While it may not be malicious currently, the new permissions are far too broad without explanation. They allow the plugin to download and execute unknown code on your browser. They also allow the change the contents of websites you visit without your knowledge or consent.

Since your web browser contains some of the most sensitive information on your computer (passwords, banking information, message history), it’s simply not worth the risk to keep a potentially-malicious plugin around.