Security News > 2020 > February > Google Removes 500 Chrome Extensions Tied to Malvertising
Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security.
In a message to the researchers that it had removed the extensions, Google noted that it "Regularly sweeps to find extensions using similar techniques, code and behaviors and take down those extensions if they violate our policies."
While the malicious browser extensions have been removed, the researchers note that the malvertising campaign may have affected 1.7 million Chrome users who downloaded the extensions from the official Google Chrome Web Store.
The latest investigation into extensions began when Kaya, the independent researcher, was conducting a routine threat hunting exercise and found about a dozen suspicious Chrome extensions that were posted in the official Google Chrome Web Store, according to the Duo Security report.
Using CRXcavator, a free, automated Chrome extension security assessment tool developed by Duo Security, Kaya eventually identified about 70 malicious Chrome extensions that all appeared to use the same code and had other similarities, according to the report.
News URL
https://www.inforisktoday.com/google-removes-500-chrome-extensions-tied-to-malvertising-a-13731
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)