On December 19, 2016, the Canvas Security Team advised users of the Canvas LMS that the OneClass Chrome plugin poses a security risk to users that have installed it.
The OneClass Chrome extension allows students to connect to a third party site and share class notes. OneClass is not affiliated with Canvas or Anderson University in any way. Here is an explanation Canvas has provided concerning the danger of using this extension:
When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in [Canvas] labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via [Conversations]. Each message says:
Hey guys, I just found some really helpful notes for the upcoming exams for [school name] courses at https://oneclass.com/s/signup. I highly recommend signing up for an account now that way your first download is free!
Due to the potential security risk, AU has put measures in place to prevent students from accessing OneClass on campus. We strongly suggest that you avoid this extension and recommend that you remove it if you have already installed it.