Study Reveals The Risk Involved With Chrome Extensions

Risk knob turned towards high

Google’s Chrome browser includes a number of useful features itself, but it also offers the opportunity to add features and capabilities through extensions. There are thousands of options for extensions offering a variety of functionality. Not all of these extensions are trustworthy, however. At Tech World, Jeremy Kirk reports that about 10-percent of Chrome extensions examined by security researchers were deemed either malicious or suspicious.

Researchers began looking closely at extensions due to concerns that they are the next attacking point for cybercriminals because of the potentially valuable information available through compromised web browsers. After examining 48-thousand extensions, researchers found 130 that were outright malicious and another 4712 suspicious extensions.

The flagged extensions were capable of various misdeeds, including affiliate fraud, credential theft, advertising fraud and social network abuse.

Much like malicious apps, extensions are granted permissions that give them a great deal of power. Malicious extensions have been observed intercepting web requests from the browser and injecting JavaScript into web pages. Researchers hope that the results of this study help to make clear that extensions need to be more limited.

If you’ve installed a malicious extension, you also won’t know about it right away. The extensions are designed to stay dormant until you visit a specific type of website. Even then, a typical user may not notice any malicious or suspicious behavior.

Google has already reacted to these findings and is attempting to make it harder for unofficial extensions, like those found outside of their Web Store, to be installed. It’s likely more changes will be implemented soon so that Google can exert even more control over extensions.

While some of the flagged extensions weren’t harmful to users, they still displayed activity that was suspicious in nature, like changing ads on a site. Some of these extensions have been downloaded millions of times.

If you’ve installed any extensions from outside of Google’s Web Store, your safest option is to uninstall it immediately. If you feel your computer has been compromised and may still be infected by malware, call Geek Rescue at 918-369-4335.

For your business solution needs, visit our parent company JD Young.

August 21st, 2014