Buggy Extensions Hit Chrome Store

Monday, February 4, 2013 @ 08:02 PM gHale

Attackers are moving to distribute malicious web browser extensions by uploading them to the official Google Chrome store, researchers said.

Hackers have turned to this technique after Google added some security mechanisms that prevent the silent installation of extensions, said researchers at Kaspersky.


In one scenario, the attackers, who appear to be based in Turkey, used Facebook to lure users to websites hosted on .tk domains. These domains are set up to redirect visitors to a bogus Chrome update site, the researchers said.

Those who choose to update are given instructions on how to do so and urged to download extensions called “Chrome Guncellemesi,” “Chrome Update” or “Flash Player 12.1” from the official Chrome Web Store.

Despite the fact they are on a legitimate Google site, the extensions are malicious, since they ask the user for permission to access all the data on all the websites they visit.

Similar extensions exist for Firefox as well.

Google is aware of the issue and the company is working on cleaning up its store.
