Chrome Had More Than 500 Harmful Extensions: Users Beware!

Over 500 malicious Google Chrome extensions were hosted on the Google Chrome Store. These are meant to steal personal info or to inject malicious advertisements, popularly known as ‘malvertising’

Must Read

Looking For A Job At Amazon? Jeff Bezos Is Willing To Hire Everyone If……

The global pandemic Covid-19 has thrown the whole world into complete chaos. Amid this perilous situation, one...

CII Suggests India Implement Its Own Version Of “Helicopter Drop” Amid The Covid-19 Outbreak

After Canada, Singapore, Australia and the US, it's time for India to work on a financial plan...

Facebook To Invest In Reliance Jio To Redefine The Market Equations in India?

Since the launch of Reliance Jio in the year 2016, Reliance Industries, owned by Mukesh Ambani, the...

Google is committed to providing a clean, safe and enhanced internet experience through its Chrome browser. In a bid to do so, the company has taken a step closer to make the Chrome browser provide the safest browsing experience.

It has been reported that Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-months long investigation which was conducted by security researcher Jamila Kaya and Cisco’s Duo Security team.

Advertisements

If you are a frequent user of the Chrome Browser from the family of Google Web-Based Apps yo would most certainly be well acknowledged with what ‘chrome extensions’ are and how they function. These are small programs that can be installed into Chrome browser in order to perform a few activities quickly by a click of a button according to your requirements.

The Google Chrome extensions which are removed are found to be harmful and meant to inject malicious advertisements, popularly known as ‘malvertising’ inside the browsing session of a user who had that extension installed and activated in the Chrome browser.

The injected malicious code from the extensions was prone to get activated under some certain specific conditions after which they redirected the users to specific websites. It was observed that they were mostly affiliate links which redirected to legitimate and safe sites such as that of Dell, Macy’s, or BestBuy but in other cases, however, the destination link would take them to a malicious page like that of a malware download site or a phishing (identity theft) page.

According to the report that has surfaced on various news outlets, the extensions seemed to have been part of a larger malware operation that’s been active for at least two whole years. The research team also holds the belief that the group in charge of the orchestration of this operation might have been active since 2010.

This whole operation was first uncovered by a security researcher named Jamila Kaya during a routine threat hunting when she noticed visits to malicious sites that had a common URL pattern. She used a service named CRXcavator used for analyzing Chrome extensions and unearthed an initial cluster of extensions that run on top of a nearly identical codebase, but used various generic names, with very little and vague information about their true purpose.

Advertisements

She then went on to contact Cisco’s Duo Security Team and with the combined strength they were able to quickly fingerprint them using CRXcavator’s database and discover the entire network.

According to Duo, these first series of extensions had a total install count of more than 1.7 million Chrome users. Later with their solidifying research, Duo and Kaya later reached out to Google with their findings who were cooperative and very prompt to take action according to Kaya.

Google after conducting their own investigation found even more extensions which fit the same pattern and therefore went on to ban more than 500 of these malicious extensions from the Chrome Extensions Store. It still remains unclear what is the total strength of the people who have installed these extensions but an approximate range would be that in the millions.

Google To Deal With Malicious Threats

Google, popularly known as internet behemoth, offers a wide range of products that are used by millions of internet users worldwide. Their Chrome Web Browser is leading the global market share of web browsers by 64.92% as of October 2019.

Google has to step up to the plate in its efforts to bar such malicious extensions. The tech giant has already put a new set of user data privacy policy guidelines, requiring all extensions that handle user data to have a privacy policy, gain consent from the user, and only use the minimum required amount of permissions. They have also implemented a program which will pay out bounties to researchers who find extensions that are violating this policy, therefore, ensuring that the chances of the existence of such extensions are completely wiped out.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Facebook Users Who Dumped It Earlier Are Returning Back To The Platform!

Facebook Inc. (NASDAQ:FB) is gaining ground and it's no less than a surprise to know who is...

Zoom iOS App Caught Sharing User Data With Facebook! Are You Using It?

With the growing number of people worldwide now trying to adapt to the ‘work-from-home’ situation amid the Covid-19 outbreak, Zoom which is...

A New WhatsApp Scam Is So Lucrative That You May Find Difficult To Resist

As the usage of social media and mobile messaging apps has surged tremendously worldwide due to the social distancing and lockdowns to...

Switch Off Your Amazon Alexa If You Are Working From Home!

Weeks after the widespread of the coronavirus, countries continue to go into lockdown mode for more weeks to come. People are advised...

Facebook Portal TV: Once Mocked Widely, Now Sold Out Completely!

Two years go, Facebook Inc. (NASDAQ:FB) released the first device in their Portal video calling series. This move brought them a lot...

Facebook To Invest In Reliance Jio To Redefine The Market Equations in India?

Since the launch of Reliance Jio in the year 2016, Reliance Industries, owned by Mukesh Ambani, the richest man in India, has...

In-Depth: Dprime

YouTube Should Have Bid Adieu To Dislike Button Much Earlier?

Online video sharing platform YouTube can be a ruthless place for content creators targeted by 'dislike mobs'. And the site owners totally understand that...

Facebook Has Pulled Off A Masterstroke By Integrating Its ‘Family Of Apps’?

It’s indeed hard to believe that ONE man sitting at Menlo Park, oversees how nearly a third of the world’s population interacts with each...

Facebook’s Crunch Conquest: By Relying Largely On The US Market, Is Facebook Running a Risk?

Two billion! That's Facebook, Inc. (NASDAQ: FB) for you - Right when you thought that this social-media giant has already connected the entire world, it's...

More Articles Like This