Security News > 2020 > February > Google Axes 500 Chrome Extensions Exfiltrating User Data
2020-02-17 19:38
Google has removed more than 500 extensions from the Chrome Web Store after they were found performing covert data exfiltration activities.
Independent security researcher Jamila Kaya and Cisco's Duo Labs originally identified a network of 70 copycat plugins with 1.7 million users that were infecting users' browsers and exfiltrating data.
The plugins had nearly identical source code, had no ratings, and each referenced to a ".com." website that was the exact name of the plugin.
Each of these extensions requires a high, nearly identical level of permissions, which allows them to access a large amount of data in the browser.
Kaya also identified direct malware tied to these plugin sites, likely operating for the same user.
News URL
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)