- News
- Technology News
- Tech News
- Malware in Google Chrome extensions: What you need to know
Trending
Malware in Google Chrome extensions: What you need to know
Stanford study reveals 280 million users downloaded malware-infected Chrome extensions, prompting Google's two-step verification process for extension safety.
Millions of Google Chrome users are reportedly using compromised browser due to malware-infected extensions. According to a study conducted by Stanford University, more than 280 million users from July 2020 to February 2023 have downloaded Chrome extensions infected with malware.
The study scrutinized about 1,25,000 extensions on Google Chrome Web Store (GCWS) for security-noteworthy extensions (SNE).As per the study, around 346 million users downloaded SNEs from GCWS. Out of these, a staggering 280 million downloads were infected with malware.
“We collected permissions by parsing each extension’s manifest.json file,” the study reports, with manifest V3 permissions divided into “permissions (APIs such as storage or cookies) and host permissions (URLs or URL patterns that an extension wants to make requests to)” with both combined in the earlier manifest V2.
The research was led by Sheryl Hsu, Manda Tran, and Aurore Fass. It was published on June 18. The study also underlines ‘a critical lack’ of maintenance in the CWS: 60% of the extensions in the CWS have never been updated; half of the extensions known to be vulnerable are still in the CWS and still vulnerable 2 years after disclosure; a third of extensions use vulnerable library versions.”
In an official blog post published on June 20 (two days after the story was published), Google admits that “as with any software, extensions can also introduce risk.”
It states that before an extension is accessible to install from the Chrome Web Store, it undergoes two levels of verification. These are
What does the Stanford study say?
The study scrutinized about 1,25,000 extensions on Google Chrome Web Store (GCWS) for security-noteworthy extensions (SNE).As per the study, around 346 million users downloaded SNEs from GCWS. Out of these, a staggering 280 million downloads were infected with malware.
“We collected permissions by parsing each extension’s manifest.json file,” the study reports, with manifest V3 permissions divided into “permissions (APIs such as storage or cookies) and host permissions (URLs or URL patterns that an extension wants to make requests to)” with both combined in the earlier manifest V2.
The study highlights that an infected extension tends to ask for more permissions than a benign one. “Ultimately, the more permissions an extension has, the larger the attack surface is,” it stated.
The research was led by Sheryl Hsu, Manda Tran, and Aurore Fass. It was published on June 18. The study also underlines ‘a critical lack’ of maintenance in the CWS: 60% of the extensions in the CWS have never been updated; half of the extensions known to be vulnerable are still in the CWS and still vulnerable 2 years after disclosure; a third of extensions use vulnerable library versions.”
What Google has to say about it?
In an official blog post published on June 20 (two days after the story was published), Google admits that “as with any software, extensions can also introduce risk.”
It states that before an extension is accessible to install from the Chrome Web Store, it undergoes two levels of verification. These are
- An automated review: Each extension gets examined by our machine-learning systems to spot possible violations or suspicious behavior.
- A human review: Next, a team member examines the images, descriptions, and public policies of each extension. Depending on the results of both the automated and manual review, we may perform an even deeper and more thorough review of the code.
About the Author
TOI Tech DeskEnd of Article
FOLLOW US ON SOCIAL MEDIA
Hot Picks
TOP TRENDING
Trending Stories
In Section
Entire Website
- Shri Jagannath Puri Rath Yatra 2024 live streaming: When will yatra start, where to watch online, and other information
- Infosys executive vice president Hemant Lamba resigns, here's what he told CEO Salil Parekh in resignation letter
- Starbucks founder Howard Schultz: Steve Jobs asked me to fire my entire leadership team and 'He was right'
- 5 tips to secure your WhatsApp account
- How scammers are using WhatsApp, Facebook, X and Telegram for investment scams in India
- Google updates Weather app with this Apple Weather-like feature: Here’s what has changed
- How to use picture-in-picture with Google Meet: A step-by-step guide
- 5 things WhatsApp wants you to remember while using the app
- Will GTA 6 include a cryptocurrency mission, internet speculates
- Watch: Anand Mahindra shares video of new tech that uses infrared light to detect veins
- Malabar exercise: As China flexes muscles in SCS, India to host Quad drill
- In last call to family, sepoy talked about new home
- Desperation to devotion: What draws India’s millions to Babas?
- Numbers seem to favour Soren ahead of Jharkhand floor test today
- NTA releases answer keys for CUET-UG, results likely to be announced in a week
- Shiv Sena neta held after son rams BMW into scooter, kills woman
- 20 years, 2,000 dead: Why tragedies strike religious events so often
- Govt makes ‘big’ clarification on Airtel, Jio, other's mobile tariff hike
- NPS vs PPF Calculator: NPS better than PPF to become a crorepati?
- Government reviews FDI caps; may help defence, insurance sectors
Popular Categories
Hot on the Web
Top Trends
Trending Topics
Jagannath Rath Yatra WishesIslamic New Year WishesNatasa StankovicBigg Boss OTT 3 ContestantsGangajalDeepika Padukone Baby Astro predictionAmbani Family GarbaAmbani House AntiliaKeir StarmerTMKOC Star Cast FeesFunniest ImagesMen ExercisesSunita Williams Education QualificationJackie ShroffGujarati Mameru CeremonyIsha AmbaniBest Smart Tv Under 15000Bharti Airtel Data BreachBajaj Cng BikeIndian Cricket Team Welcome Ceremony
Living and entertainment
Latest News
Sagittarius, Daily Horoscope Today, July 8, 2024: Communication is key in relationshipsEU regulator has a ‘warning’ for Nvidia: “We have been…”How scammers are using WhatsApp, Facebook, X and Telegram for investment scams in IndiaGemini, Daily Horoscope Today, July 8, 2024: Take decisive actionsThere is a need not to die but live for the country: Amit ShahWhy Kamala Harris is not speaking about BidenWhy tweets against minister’s wife cost TMC’s Saket Gokhale Rs 50 lakhPM Modi's 2-day Russia visit to begin tomorrow: Check what's on agendaJharkhand cabinet likely to be expanded after trust vote on MondayAir India welcomes its first narrow body aircraft with its new liveryLicence mandatory to set up stalls on private land in Maharashtra's Lonavla'Unluckiest bear in the world': Albino grizzly bear mistaken for a polar bear sent to the Arctic 5 times!6 UP kids drown in 2 separate cases, 4 others & woman savedSubhash Ghai recalls memories with Dilip Kumar on his third death anniversary: 'I stayed with him for 20 years and that changed my whole life' - ExclusivePakistan gears up for Champions Trophy, allocates 17 billion rupees for sprucing up stadiumsNepal PM 'Prachanda' should resign immediately, demands former ally CPN-UMLBigg Boss Malayalam runner-up Arjun Syam requests fans to show respect to the contestants says ' Please refrain from sending degrading messages'70 picnickers stranded at Goa waterfall after rain rescued
Copyright © 2024 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service