Google Chrome: Chrome Web Store is once again under question. This time the reason is some dangerous browser extensions that managed to reach the official store despite Google’s strict security checks. Surprisingly, these extensions were not present on any suspicious website but directly on the Chrome Web Store and have put more than 1 lakh users at risk.
How dangerous extensions circumvented Google’s security wall
According to researchers at cyber security company Symantec, these extensions were not limited to just annoying advertisements or slow browsing. They were accessing data copied to users’ clipboard, stealing sensitive information and allowing remote attackers to take control of the browser. In some cases, these extensions could run dangerous code within Chrome itself, that too for a long time, without the user noticing.
Good Tab Extension
The most worrying name is that of Good Tab extension which was present on Chrome Web Store till the time of writing the news. This extension uses an insecure HTTP iframe to directly access a user’s clipboard data to a remote website. This means that passwords, personal notes or even crypto wallet addresses can be stolen or changed. In such a situation, the user may have to suffer financial loss, that too without any warning.
These extensions also proved to be very dangerous
Apart from Good Tab, many extensions have also appeared. An extension named Child Protection, which has now been removed, was acting as a remote control tool for the attackers. It was capable of stealing cookies, hijacking logins and running arbitrary JavaScript code.
While DPS Websafe presented itself as a reliable tool like Adblock Plus, it actually manipulated search results, monitored browsing, and misled users through fake branding.
An extension named Stock Informer is also said to be currently available on the store which has a serious security flaw. Due to improper message verification, hackers can run dangerous code from anywhere.
What should Chrome users do right now?
If you have ever installed any of these extensions, the safest thing to do is to remove them immediately. Going forward, don’t trust any extension just because it’s available on the Chrome Web Store.
Keep your data safe like this
Install only those extensions that you really need. Before adding any extension, read its permissions and keep checking your installed add-ons from time to time. If any extension looks suspicious or is not in use, it is better to remove it.
Also read:
Wait before buying a second hand phone! A small verification mistake can cause big loss
