Home / Google / Google Chrome Hit By Malicious Extensions, Reached 500,000 Combined Downloads Before They Were Removed

Google Chrome Hit By Malicious Extensions, Reached 500,000 Combined Downloads Before They Were Removed

At CES, LG introduces new smart home products with artificial intelligence
Four malicious extensions have been detected recently on Google Chrome web browser that potentially exposed 500,000 users. The extensions were believed to have been used for a click-fraud scam operation, security firm ICEBRG reported.  ( Alexander Hassenstein | Getty Images )

Security researchers have detected four malicious extensions on the Google Chrome browser recently. Before it was taken down, the extensions attracted some half-a-million active users.

The extensions have been identified by analytics firm ICEBRG as Change HTTP Request Header, Lite Bookmark, Stickies, and Nyoogle. ICEBRG said the four were likely employed for a click-fraud scam operation with the clear purpose of generating revenues.

Google and other stakeholders have been notified by ICEBRG on the matter, and as of writing, Change HTTP Request Header, Lite Bookmark, and Stickies have been kicked out from the Chrome Web Store. Nyoogle remains available to download, but Google has yet to issue a statement on the apparent oversight.

Chrome A Natural Target Of Malware Attacks

Google Chrome dominates the global web browser usage, which makes it a default favorite of cyberattacks. While the browser is known for its vaunted security features, mainly for its security sandbox and quick deployment of vulnerability patches, malware authors seem to always find an ingenious workaround to crack the protective shell put up by Google.

It appears exploit actors are tapping holes that exist on the Chrome Web Store to penetrate Google‘s security protocols implemented on its web browser. The attackers’ latest weapon, it turned out, is a loaded browser extension.

Using the tactic is quite effective, as malware authors take advantage of the system, which seemingly enjoys robust security, that governs the use of browser extensions found on the Chrome Web Store, according to ICEBRG.

“In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks,” the security firm said on its comprehensive report.

The threat implications are high and true for both the average consumers and enterprise users, ICEBRG warned.

Exploiting The Hole

To highlight the seriousness of the detected threat, which, in theory, managed to expose the system of some 500,000 Chrome users, the security firm offered a brief description on how the weaponized extension works out.

“By design, Chrome’s JavaScript engine evaluates (executes) JavaScript code contained within JSON. Due to security concerns, Chrome prevents the ability to retrieve JSON from an external source by extensions, which must explicitly request its use via the Content Security Policy (CSP),” ICEBRG said.

“When an extension does enable the ‘unsafe-eval’ permission to perform such actions, it may retrieve and process JSON from an externally-controlled server. This creates a scenario in which the extension author could inject and execute arbitrary JavaScript code anytime the update server receives a request.”

The latest incident should convince Google Chrome users to keep a safe distance from browser extensions, specifically those coming from third-party providers, vetted or not by Google’s web security processes.

© 2018 Tech Times, All rights reserved. Do not reproduce without permission.

Source

Check Also

Google Pixel 3 Rumor Roundup: What We Know So Far

Ex-Google engineers develop self-driving car ‘Nuro’ The Google Pixel 3 is one of the most …

Google Pay Begins Global Rollout, Unifying Android Pay And Google Wallet: Features And Perks

Ex-Google engineers develop self-driving car ‘Nuro’ Google Pay launched worldwide and is available now on …

Google Chrome Now Automatically Shortens And Cleans Up Messy URLs When You Share Them

Ex-Google engineers develop self-driving car 'Nuro' Google Chrome now makes long URLs much nicer to look at by automatically shortening tracking strings after a link. But while it looks less chaotic, there are some disadvantages.  ( Kimihiro Hoshino | AFP/Getty Images ) The latest update to Google Chrome, version 64, now cleans up rather messy...

Leave a Reply

Your email address will not be published. Required fields are marked *