Security News > 2020 > February > Google pulls 500 malicious Chrome extensions after researcher tip-off
Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users.
Depending on which way you look at it, that's either a good result because they're no longer free to infect users, or an example of how easy it is for malicious extensions to sneak on the Web Store and stay there for years without Google noticing.
Google carried out its own fingerprinting based on the research and the number of dubious extensions ballooned to over 500.
Except, an infected user might point out, not often or effectively enough to stop 500 malicious extensions from finding a home inside the Chrome Web Store.
Anyone using one of the now-suspended 500 extensions will find they've automatically been deactivated in their browser, with warnings that mark them as malicious.
News URL
Related news
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)