Hundreds of Google Chrome Browser Extensions Revealed to be Spreading Malware for a Decade

Maintaining some level of security on the internet is crucial, but it can often end up becoming very difficult indeed if you are the sort of person that uses Google products because of the fact that some of them are notorious for not being nearly as secure as most people would like them to be, often resulting in countless users having their devices infected with some form of malware as well as putting their data and general privacy and security at serious risk.

The latest example of Google’s failings in the security department is quite serious indeed. Essentially the tech engine giant removed around five hundred extensions that people were using on the Chrome browser because of the fact that these extensions were injecting malware into the devices and systems of the people that were using them, as reported by Duo Security. The number is rather alarming since it indicates a really coordinated effort by a centralized source, but there is another aspect of this that makes it even scarier for people that use Google Chrome, and this is the fact that these extensions had been infecting users with malware for two whole years before someone ended up doing something about it.

What’s more is that the group that created these extensions for the express purpose of spreading malware has been active for a decade now, and by the looks of it they are clearly still going very strong indeed. This means that Google needs to take some really serious measures if it wants to ensure that people are able to utilize their services without worrying about such situations. The fact that a group has constantly been infecting users with malware for a whole decade indicates that some drastic steps need to be taken, otherwise the malicious actors will be emboldened by their successes and would come back with a vengeance.
"The outcome of Jamila’s research, with collaboration from Duo and Google, demonstrates both the increasing real world risk of Chrome extensions and the utility of CRXcavator as a tool to aid researchers in finding vulnerabilities like this. Collectively, we identified 500 Chrome extensions that infected users’ browsers and were consequently removed from the Web Store. More than 1.7 million users were affected which indicates the scale at which browser extensions when used as an attack vector can impact end users. As part of good security hygiene, we recommend users regularly audit what extensions they have installed, remove ones they no longer use, and report ones they do not recognize. Being more mindful and having access to more easily accessible information on extensions can help keep both enterprises and users safe.", explained researchers.


More than 500 Google Chrome Extensions Found Distributing Malware

Read next: Finally, Android Users Can Now Browse Any Website on Google Chrome in Dark Mode

No comments:

Post a Comment