Security News > 2020 > January > Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
UPDATE. Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions.
In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component - those that are paid for, offer in-browser transactions and those that offer subscription services.
"Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," it said in a notice, issued Friday.
According to data from Extension Monitor published mid-2019, there are about 188,000 extensions in the Chrome Web Store, out of which only about 9 percent fall into the paid category.
The disabled apps include a whopping 129 extensions from 2Ring, which offers extensions and add-ons that provide business-to-business functionality for unified communications and contact centers.
News URL
https://threatpost.com/google-mozilla-ban-browser-extensions-chrome-firefox/152257/
Related news
- 18-year-old security flaw in Firefox and Chrome exploited in attacks (source)
- “0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox (source)
- Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Qilin ransomware now steals credentials from Chrome browsers (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)