In fact, to function properly and be useful, any plugin usually needs your consent to Read and change all your data on all websites.Īnd yes, it means exactly what it says. First is the level of access to user data they have. In a nutshell, there are three major problems with browser extensions. Why malicious browser extensions are particularly nasty Incidentally, it’s the same story with Google Play - there, too, ordinary users’ complaints generally go unheeded. But it took the authority of several well-known specialists for it to happen. As you can guess, these complaints went unnoticed by Chrome Web Store moderators.Īfter Palant’s study was published, as well as another paper on the same topic by a team of experts, Google finally removed the dangerous extensions. What’s more, among the reviews to some of them, there were complaints from vigilant users about extensions replacing addresses in search results with adware links. The extensions were uploaded to the Chrome Web Store in 20, which means they’d been there for at least six months when the study was carried out.
The most popular malicious plugin found by the researcher was “Autoskip for Youtube” with nine million downloads. Altogether they’ve been downloaded 87 million times. They were downloaded 55 million times combined.įinally, armed with many samples of malicious extensions, he conducted an even more thorough search of Google’s store and discovered 34 malicious extensions with completely different core functionalities.
Next, Palant searched the Chrome Web Store for other extensions accessing this server and found a couple dozen plugins with similar additional functionality. However, inside this extension interesting “additional functionality” was discovered: the plugin accessed a serasearchtopcom site, from where it loaded arbitrary code on all pages viewed by the user. PDF Toolbox boasted an impressive user base and good reviews, with close to two million downloads and an average score of 4.2. At first glance, it was a perfectly respectable plugin for converting Office documents and performing other simple operations with PDF files. It all began when independent cybersecurity researcher Vladimir Palant found an extension called PDF Toolbox containing suspicious code in the Chrome Web Store. Malicious extensions in the Chrome Web Store We explain what these extensions are and why they’re dangerous. The most popular of these extensions had over nine million downloads, and altogether these plugins had been downloaded around 87 million times. Not so long ago, a few dozen malicious plugins were discovered in the Chrome Web Store (the official browser extension store for Google Chrome). KasperskyPremium Support and Professional Services.KasperskyEndpoint Security for Business Advanced.KasperskyEndpoint Security for Business Select.
0 kommentar(er)
