Security News > 2020 > February > Google pulls 500 malicious Chrome extensions after researcher tip-off
Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users.
Depending on which way you look at it, that's either a good result because they're no longer free to infect users, or an example of how easy it is for malicious extensions to sneak on the Web Store and stay there for years without Google noticing.
Google carried out its own fingerprinting based on the research and the number of dubious extensions ballooned to over 500.
Except, an infected user might point out, not often or effectively enough to stop 500 malicious extensions from finding a home inside the Chrome Web Store.
Anyone using one of the now-suspended 500 extensions will find they've automatically been deactivated in their browser, with warnings that mark them as malicious.
News URL
Related news
- Google Chrome will let you send money to your favourite website (source)
- Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)