Security News > 2020 > February > Google pulls 500 malicious Chrome extensions after researcher tip-off
Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users.
Depending on which way you look at it, that's either a good result because they're no longer free to infect users, or an example of how easy it is for malicious extensions to sneak on the Web Store and stay there for years without Google noticing.
Google carried out its own fingerprinting based on the research and the number of dubious extensions ballooned to over 500.
Except, an infected user might point out, not often or effectively enough to stop 500 malicious extensions from finding a home inside the Chrome Web Store.
Anyone using one of the now-suspended 500 extensions will find they've automatically been deactivated in their browser, with warnings that mark them as malicious.
News URL
Related news
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform (source)