September 26, 2023


Ditch ‘The Great Suspender’ Before It Becomes a Security Risk

I’ve been a fan of The Great Suspender extension for years. Even when Google would drop new features into its Chrome browser to reduce the resources inactive browser tabs eat up, I still trusted The Great Suspender to “inactivate” them for me to lessen the load on my system. But The Great Suspender has recently proven untrustworthy, and it’s probably time to say goodbye.

Dr. Colin McMillen, lead developer at SemiColin Games, puts it succinctly:

Here’s the longer story: The Great Suspender has a new maintainer (the previous one was Dean Oemcke), and this unknown entity dropped a few silent updates to new builds of the extension allowing it to connect to various third-party servers and execute code. The extension suddenly started asking for new permissions as well, like an all-encompassing ability to mess with your browser’s web requests. As GitHub’s TheMageKing wrote in November of last year:

“That lets the extension do what it pleases, including inserting ads, blocking sites, forcible redirects…. This change was supposedly in order to enable new screenshot functionality, but that was unclear.”

They continued:

“On November 6th, @lucasdf discovered a smoking gun that the new maintainer is malicious. Although OpenWebAnalytics is a real software, it does not provide the files executed by the extension. Those are hosted on the unrelated site, which turns out to be immensely suspicious. That site is one month old, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. However, the site contains no real information other than the tracking scripts, and is only found in the context of this extension. Most importantly, the minified javascript differs significantly from that distributed by the OWA project.”

“While there does exist an innocent explanation for this, I can no longer say that it is the most likely. Using the chrome web store version of this extension, without disabling tracking, will execute code from an untrusted third-party on your computer, with the power to modify any and all websites that you see. The fact that disabling tracking still works is irrelevant given the fact that most of the 2 million users of this extension have no idea that that option even exists. The fact that the code is not obvious malware is meaningless in light of the fact that it can be changed without notice, and that it is minified (human-unreadable).”

The good news? The offending code appears to have been removed from The Great Suspender, but that doesn’t necessarily mean you should keep using it. The mysterious way the whole situation was handled by the extension’s new maintainer — and their complete silence on this matter (and everything else recently) — makes me a bit nervous that a similar situation could happen again. If nobody reports it — or if you’re not scanning the news for updates on your many browser addons — you’ll never know. Don’t set yourself up to be surprised with a potential security issue down the road.
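One way to catch a permission grab like this yourself is to compare an extension's `manifest.json` before and after an update and flag what the new build asks for. The script below is an added example, not code from the article or the extension; both manifests are constructed for a hypothetical extension, and the high-risk list is an assumption to tune for your own environment.

```python
import json

# Assumed watch list: permissions that let an extension observe or alter traffic.
HIGH_RISK = {"webRequest", "webRequestBlocking", "cookies", "debugger", "proxy"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested(manifest):
    """Collect API and host permissions from an MV2 or MV3 manifest."""
    entries = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    # Some manifests carry object-valued entries; only string names are compared.
    return {p for p in entries if isinstance(p, str)}

def permission_diff(old_manifest, new_manifest):
    """Return what the update adds, with the risky subset called out."""
    added = requested(new_manifest) - requested(old_manifest)
    return {
        "from": old_manifest.get("version"),
        "to": new_manifest.get("version"),
        "added": sorted(added),
        "high_risk": sorted(added & (HIGH_RISK | BROAD_HOSTS)),
    }

# Constructed sample manifests (hypothetical extension, not the real files).
OLD = json.loads("""{
  "name": "Example Tab Suspender", "version": "1.0.0", "manifest_version": 2,
  "permissions": ["tabs", "storage", "history", "http://*/*", "https://*/*"]
}""")
NEW = json.loads("""{
  "name": "Example Tab Suspender", "version": "1.1.0", "manifest_version": 2,
  "permissions": ["tabs", "storage", "history", "http://*/*", "https://*/*",
                  "webRequest", "<all_urls>", "cookies"]
}""")

if __name__ == "__main__":
    report = permission_diff(OLD, NEW)
    print(f"{report['from']} -> {report['to']}")
    for perm in report["added"]:
        flag = "HIGH RISK" if perm in report["high_risk"] else "review"
        print(f"  + {perm}  [{flag}]")
```

Feed it the `manifest.json` from two saved copies of an unpacked extension; an empty `added` list means the update requested nothing new.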

Alternatives to The Great Suspender

If you’re planning to stick with The Great Suspender, you should at minimum pull up its options and disable any scuzzy analytics via the “Automatic deactivation of any kind of tracking” setting.

Screenshot: David Murphy

Honestly, though, you’re better off uninstalling the extension entirely and replacing it with this alternative that removes any and all tracking. It’s unclear if this variant will be maintained in order to keep it in parity with future updates to The Great Suspender, but it should work for quite some time. (In fact, a number of people suggest you simply install an older version of the original addon before it was switched over to its new, unknown maintainer.)

But do you need The Great Suspender at all? As I mentioned, your modern-day browser already probably does a decent job of resource management for inactive tabs. You might be able to get away with just using your browser like you normally would, tabs and all.

If you need more help than that, you have other options for reducing your open tabs and freeing up your precious system resources. I’m a big fan of OneTab and Tabs Outliner, which dump all of your open tabs into a single, easy-to-navigate screen (or sidebar). There are other extensions that limit the number of tabs you can open, a great way to preserve resources and restrain your sprawl. And if you only want a replacement for The Great Suspender, there are other extensions that perform similarly.

Whatever your choice, it’s time to abandon The Great Suspender. It has served us well for years, but no king rules forever.