Security News > 2024 > June > Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests
![Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests](/static/build/img/news/risk-of-installing-dodgy-extensions-from-chrome-store-way-worse-than-google-s-letting-on-study-suggests-medium.jpg)
Coincidentally, a trio of researchers affiliated with Stanford University in the US and the CISPA Helmholtz Center for Information Security in Germany just published a paper about recent Chrome Web Store data that suggest the risk posed by browser extensions is far greater than Google admits to.
On Thursday, over at Google, Benjamin Ackerman, Anunoy Ghosh, and David Warren on the Chrome Security Team claimed, "In 2024, less than one percent of all installs from the Chrome Web Store were found to include malware. We're proud of this record and yet some bad extensions still get through, which is why we also monitor published extensions."
An SNE is defined as an extension that contains malware, violates Chrome Web Store policy, or contains vulnerable code.
The authors collected and analyzed data from Chrome extensions available between July 5, 2020 and February 14, 2023, at which time there were almost 125,000 extensions available in the Chrome Web Store.
Google to push ahead with Chrome's ad-blocker extension overhaul in earnest Chrome users - get an alert when extensions are in danger of falling into wrong hands Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out.
They also call out the "Critical lack of maintenance" of Chrome Web Store extensions - almost 60 percent of extensions have never been updated, meaning they miss out on security improvements such as those built into the Manifest v3 platform revision.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/06/23/google_chrome_web_store_vetting/
Related news
- Google Chrome change that weakens ad blockers begins June 3rd (source)
- Google Chrome reduced cookie requests to improve performance (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Fake Google Chrome errors trick you into running malicious PowerShell scripts (source)
- Google cuts ties with Entrust in Chrome over trust issues (source)
- Google to Block Entrust Certificates in Chrome Starting November 2024 (source)
- Google Chrome to let Isolated Web App access sensitive USB devices (source)
- Google rolls back decision to kill third-party cookies in Chrome (source)
- Google's plan to drop third-party cookies in Chrome crumbles (source)
- Google Abandons Plan to Phase Out Third-Party Cookies in Chrome (source)