Recently, it was found that about 500 Chrome extensions on the Chrome Web Store have uploaded private browsing data to their own servers. These servers are potentially owned and controlled by people who want to attack you. Jamila Kaya and other researchers from Cisco-owned Duo Security identified 71 extensions on the Chrome Web Store. These extensions had over 1.7 million installations. After the researchers privately told Google about their findings, Google itself found more than 430 additional extensions.
How did these plugins work?
The Chrome extensions presented themselves as tools, but they engaged in ad fraud by taking the user through questionable sites whose domains resemble those of the services they pose as.
All of the rogue extensions contained almost identical source code! However, the function names were unique between them. The lack of user ratings on these ‘tools’ confused the researchers and made them question how the extensions got downloaded in the first place.
Computers that had these extensions installed received a pop-up notification saying that the plugin had been ‘automatically disabled’. People who followed a link received a warning stating that ‘This extension contains malware’.
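The observation that the rogue extensions shared almost identical code under different function names can be turned into a simple clustering check. The sketch below is an added example, not Duo Security's method or CRXcavator code; the file paths, JavaScript samples and the `example.test` URL are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# String literals are captured and kept; comments are dropped.
STR_OR_COMMENT = re.compile(
    r"""("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)|/\*.*?\*/|//[^\n]*""",
    re.S,
)
FUNC_DECL = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)")

def fingerprint(js_source):
    """Hash JS after renaming declared functions to F0, F1, ... in order."""
    src = STR_OR_COMMENT.sub(lambda m: m.group(1) or "", js_source)
    names = list(dict.fromkeys(FUNC_DECL.findall(src)))  # unique, ordered
    mapping = {name: f"F{i}" for i, name in enumerate(names)}
    if mapping:
        alternatives = "|".join(map(re.escape, mapping))
        # Do not touch property accesses (obj.name) or longer identifiers.
        pattern = re.compile(r"(?<![\w$.])(" + alternatives + r")(?![\w$])")
        src = pattern.sub(lambda m: mapping[m.group(1)], src)
    src = re.sub(r"\s+", "", src)  # coarse: ignore formatting differences
    return hashlib.sha256(src.encode()).hexdigest()

def clusters(sources):
    """Return groups of paths whose normalised code is identical."""
    groups = defaultdict(list)
    for path, src in sources.items():
        groups[fingerprint(src)].append(path)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed samples: ext-a and ext-b differ only in function names.
SAMPLES = {
    "ext-a/background.js": """
// loader
function qzLoad(u) { return fetch(u); }
function qzRun() { qzLoad("https://example.test/cfg"); }
qzRun();
""",
    "ext-b/background.js": """
function mmFetch(u) { return fetch(u); }
function mmStart() { mmFetch("https://example.test/cfg"); }
mmStart();
""",
    "ext-c/background.js": """
function toggleDark() { document.body.classList.toggle("dark"); }
toggleDark();
""",
}

if __name__ == "__main__":
    for group in clusters(SAMPLES):
        print("same code, different names:", ", ".join(group))
```

The match is exact after renaming, so it only groups files that differ in function names, comments and whitespace.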
Staying Safe on the Internet
To help you stay safer online, Duo Security has advised people to go through their extensions, delete the ones they no longer use and report the ones they do not recognise. If users were more mindful when online, they’d be safer. A simple fact. Both users and enterprises would be safer if they were provided with more accessible data about the extensions they may download. Whilst we’re on the subject of safety, there is a tool for checking the security of Chrome extensions. Duo Security developed the tool, CRXcavator, and it is freely available for the public to use.
Google have since removed all of the known ‘bad’ extensions.