Security News > 2020 > February > Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens

Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and data theft.

Using a free extension forensic analysis tool called CRXcavator, released last year by Cisco's Duo Security, independent infosec bod Jamila Kaya spotted a set of similarly coded Chrome extensions "That infected users and exfiltrated data through malvertising while attempting to evade fraud detection on the Google Chrome Web Store," said Kaya, and Jacob Rickerd, a security engineer at Duo, in a blog post this week.

We're told "The Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users. This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store's fraud detection mechanisms."

For the past two years or so, Google has been scrambling to revise the way Chrome extensions work because the APIs available to extension developers can be abused.

Google then created a code fingerprint that led the company to find more than 500 bad extensions and subsequently remove them.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/14/500_chrome_extensions_removed/