Google recently kicked 500 dodgy extensions from Chrome Store

Security researchers revealed this week that Google recently removed more than 500 extensions from its Chrome Web Store after learning that they injected malicious ads into people’s browsing sessions.

Independent researcher Jamila Kaya worked with Cisco’s Duo Security team on the investigation (initially shared with ZDNet), which uncovered what Duo described as “a large-scale campaign of copycat Chrome extensions that infected users’ browsers.”

The extensions were able to remain in the Chrome Web Store because they were designed to evade Google’s fraud detection systems. They were eventually exposed by Kaya and Duo’s own research methods, which made use of Duo’s free Chrome extension security assessment tool, CRXcavator.

During the course of their joint investigation, the pair found 70 malicious extensions with a total of around 1.7 million installs globally. After being informed, Google took the case further and located another 500 similar extensions, all of which it removed from the Chrome Web Store. The web giant was also able to deactivate the extensions in browsers that had them installed and mark them as malicious to encourage users to remove them entirely.

While the malicious code injected by the extensions sometimes led to ads for legitimate sites like Macy’s, Dell, or BestBuy, that wasn’t always the case. Duo said the extensions’ activity should be considered malvertising and ad fraud rather than legitimate advertising because: 1) it involved a large amount of ad content, 2) many of the ads were hidden from the user, and 3) the user was sometimes redirected to malware and phishing sites.

In a statement, Google said it appreciated the work of the research community on such matters, adding, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.” The company also said that it does regular sweeps to search for malicious extensions and removes any that it finds.

The troubling incident is a good reminder to take a moment to review all of the extensions that you currently have on your computer. If you’re unsure about any of them, do a spot of research before deciding if they’re legitimate, and uninstall any that you no longer use.

“As part of good security hygiene, we recommend users regularly audit what extensions they have installed, remove ones they no longer use, and report ones they do not recognize,” Duo Security said. “Being more mindful and having access to more easily accessible information on extensions can help keep both enterprises and users safe.”
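One practical way to do the audit Duo recommends is to read the manifest of every extension installed in a Chrome profile and flag the ones that can see or rewrite every page you visit, which is the capability an ad-injecting extension needs. The script below is an added example written for this article; it is not code from Google, Duo Security or CRXcavator. It assumes the standard on-disk layout Chrome uses for unpacked installs, `<profile>/Extensions/<extension_id>/<version>/manifest.json`, and the extension IDs, names and permission sets in the built-in sample profile are constructed for the demo. The list of “broad” permissions is an editorial choice for this example, not an official Chrome classification.

```python
"""Audit installed Chrome extensions by reading each manifest.json and
flagging permissions that grant access to every page the user visits.

Added example for this article, not code from Google, Duo Security or
CRXcavator. Assumes the Chrome profile layout
<profile>/Extensions/<extension_id>/<version>/manifest.json.
"""
import json
import os
import sys
import tempfile
from pathlib import Path

# Permissions that let an extension read or rewrite arbitrary pages (the
# capability needed to inject ads or redirect traffic). Editorial choice
# for this example, not an official Chrome risk classification.
BROAD_PERMISSIONS = {
    "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
    "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "scripting", "tabs", "cookies", "management",
}


def default_profile_dir() -> Path:
    """Best-effort location of Chrome's default profile on each OS."""
    home = Path.home()
    if sys.platform.startswith("win"):
        return Path(os.environ.get("LOCALAPPDATA", home)) / "Google" / "Chrome" / "User Data" / "Default"
    if sys.platform == "darwin":
        return home / "Library" / "Application Support" / "Google" / "Chrome" / "Default"
    return home / ".config" / "google-chrome" / "Default"


def manifest_permissions(manifest: dict) -> set:
    """Collect API permissions, host permissions (MV3) and content-script match patterns."""
    found = set(manifest.get("permissions", []))
    found.update(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return {p for p in found if isinstance(p, str)}


def audit_extensions(profile_dir: Path) -> list:
    """Return one record per installed extension version, with its flagged permissions."""
    results = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return results
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip, do not crash the audit
            perms = manifest_permissions(manifest)
            results.append({
                "id": ext_dir.name,
                "name": manifest.get("name", "?"),  # may be a __MSG_*__ localisation key
                "version": manifest.get("version", version_dir.name),
                "flagged": sorted(perms & BROAD_PERMISSIONS),
            })
    return results


def build_sample_profile(base: Path) -> Path:
    """Write two constructed manifests so the audit can be demonstrated offline.
    The IDs and names are made up for this example, not real extensions."""
    samples = {
        "a" * 32: {"name": "Harmless Notes", "version": "1.0",
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Deals Helper", "version": "2.3.1",
                   "permissions": ["tabs", "webRequest"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    for ext_id, manifest in samples.items():
        target = base / "Extensions" / ext_id / manifest["version"]
        target.mkdir(parents=True, exist_ok=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return base


def demo_audit() -> list:
    """Run the audit against the constructed sample profile in a temp directory."""
    return audit_extensions(build_sample_profile(Path(tempfile.mkdtemp())))


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else default_profile_dir()
    records = audit_extensions(target) if (target / "Extensions").is_dir() else demo_audit()
    for rec in records:
        status = "REVIEW" if rec["flagged"] else "ok"
        print(f"{status:6} {rec['id']} {rec['name']!r} v{rec['version']} {rec['flagged']}")
```

Run it with no arguments to scan your own default profile (or pass a profile directory explicitly); if no Extensions folder is found it falls back to the constructed sample so the output format can be seen. A flagged entry is not proof of malice, since ad blockers and password managers legitimately need broad access; it is the shortlist worth checking against the store listing and, if you do not recognise the extension, removing.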
