In a recent development, Google has removed 32 malicious extensions from the Chrome Web Store. It collectively had a download count of 75 million. These extensions had the ability to alter search results and push spam or unwanted ads. While appearing to have legitimate functionality. However, cybersecurity researcher Wladimir Palant discovered that these extensions had malicious code that was cleverly disguised to keep users unaware of their potential risks.
Palant analyzed the PDF Toolbox extension and found that it contained code disguised as a legitimate extension API wrapper. This code allowed the “serasearchtop[.]com” domain to inject arbitrary JavaScript code into any website the user visited. The potential for abuse ranged from inserting ads into webpages to stealing sensitive information. Palant did not observe any malicious activity, but the code’s purpose remained unclear.
Google Removes 32 Malicious Chrome Web Store Extensions with 75 Million Combined Downloads
Palant later discovered the same suspicious code in another 18 Chrome extensions. Including Autoskip for Youtube and Soundboost, which had a total download count of 55 million. Despite Palant’s efforts to report the extensions to Google, they remained available in the Chrome Web Store. Avast later reported the extensions to Google after confirming their malicious nature, expanding the list to 32 entries.
Gizchina News of the week
Avast highlighted that the extensions were adware that hijacked search results to display sponsored links and paid results, sometimes even serving malicious links. While the 75 million downloads looks worrying, Avast suspects that the count was “artificially inflated.” Users should note that the removal of the extensions from the Chrome Web Store does not automatically deactivate or uninstall them from their browsers, so manual action is required to eliminate the risk.
The incident highlights the importance of being cautious while downloading extensions from the Chrome Web Store. It is crucial to thoroughly research an extension before downloading it and to double check the permissions it requires. Users should also pay attention to the reviews and ratings of an extension before downloading it, as they can be an excellent indicator of its potential risks.
Google takes the safety and privacy of its users seriously and has policies in place to keep users safe. However, incidents like these show that malicious actors can still sneak their way into the Chrome Web Store. As such, it is crucial for both users and developers to remain vigilant and take necessary precautions to prevent such incidents from happening in the future.