Millions of Google Chrome users could be at risk from these dodgy extensions


  • Security researcher finds more than 30 unlisted Google Chrome extensions
  • Cumulatively they have more than four million users
  • They are potentially hazardous, with a variety of security risks

A cybersecurity researcher from Secure Annex recently discovered more than 30 unlisted browser extensions that expose their more than four million users to a range of security risks.

In a detailed analysis, researcher John Tuckner explained that software developers will sometimes unlist their extensions if they're not operating properly.

However, he also suggested that malicious actors might unlist them to make it harder for security teams to detect and flag them. After all, these hidden tools cannot easily be found via search engines or public directories.

Flagging for malicious behavior

“Many companies provide their software through unlisted extensions because it makes it harder for any normal user to find the extension and then hit a wall when it isn’t functional,” he said. “It has also been known as a way to target users to install a malicious extension while being really hard to detect by security teams.”

Some of the extensions Tuckner found, like "Fire Shield Extension Protection," request excessively broad permissions. These permissions include access to users' web traffic, stored cookies, and even browser tabs, which opens the door to the misuse of potentially sensitive data.

“While the management API is requested, so is access to many more permissions that provide the ability to interact with web traffic on all URLs, access cookie storage, manage browser tabs, and execute scripts!,” Tuckner explained.

Secure Annex's analysis flagged these extensions for potentially malicious behavior, such as accessing stored cookies, or matching signatures associated with known malware. The researcher suggested users remove these unlisted extensions, since their hidden and overly intrusive nature creates unnecessary vulnerabilities.
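One way a security team could check installed extensions for the permission pattern described above is to audit each extension's `manifest.json`. The following is an added example, not Secure Annex's tooling or code from the original article: the permission names are standard Chrome manifest keys, while the risk grouping, the `audit_manifest` function and both sample manifests are assumptions constructed for illustration.

```python
import json

# Permission names are real Chrome manifest permissions; grouping them into
# these risk categories is this example's own assumption.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
CATEGORIES = {
    "management": "manage other extensions",
    "cookies": "read cookie storage",
    "tabs": "inspect and manage browser tabs",
    "scripting": "execute scripts in pages",
    "webRequest": "observe web traffic",
    "declarativeNetRequest": "modify web traffic",
}
HOST_GATED = ("cookies", "scripting", "webRequest")

def audit_manifest(manifest: dict) -> dict:
    """Return the risky APIs and broad host patterns an extension requests."""
    declared = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 moves them to
    # "host_permissions". Optional permissions can be granted later, so count them.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    apis = sorted(declared & CATEGORIES.keys())
    hosts = sorted(declared & BROAD_HOSTS)
    # Cookie, script or traffic access is far-reaching only with all-site host access.
    high_risk = bool(hosts) and any(api in apis for api in HOST_GATED)
    return {"apis": apis, "broad_hosts": hosts, "high_risk": high_risk}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = json.loads("""{
  "manifest_version": 3, "name": "constructed-sample-a",
  "permissions": ["management", "cookies", "tabs", "scripting", "webRequest"],
  "host_permissions": ["<all_urls>"]
}""")
SAMPLE_NARROW = json.loads("""{
  "manifest_version": 3, "name": "constructed-sample-b",
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"]
}""")

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(sample["name"], audit_manifest(sample))
```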


Fortunately, Tuckner did not find any extensions stealing login credentials or payment information.

However, he stressed that this level of obfuscation for software that can be remotely controlled could mean it can be used as an infostealer. “That is ultimately the problem and threat these extensions pose when they can be controlled remotely.”

We have reached out to Google for comment.

Via Ars Technica
