Security News > 2020 > May > More crypto-stealing Chrome extensions swatted by Google
Google deleted 49 malicious Chrome extensions from the Chrome Web Store in mid-April after Harry Denley, director of security at MyCrypto, found them phishing cryptocurrency users.
The extensions impersonate Chrome extensions for legitimate cryptocurrency wallets, but when installed they pilfer the users' private keys and other secrets used to access digital wallets so that their authors can steal victims' funds.
Google has acknowledged a general problem with malicious extensions and has announced new rules for the Chrome Web Store.
The problem, according to Dan Finlay, the lead developer at crypto wallet company MetaMask, is that Google allows phishing ads that point to fake extensions.
The official MetaMask extension has over 1,000,000 users - you'd assume Google would have some sort of plan to tackle any potential fake extensions with the Metamask branding.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)