- A security researcher finds more than 30 unlisted Google Chrome extensions
- Cumulatively, they have more than four million users
- They are potentially dangerous, posing a variety of security risks
A Secure Annex cybersecurity researcher recently discovered more than 30 unlisted browser extensions that expose more than four million users to a range of security risks.
In a detailed analysis, researcher John Tuckner explained that software developers sometimes do not list their extensions if they are not working correctly.
However, he also suggested that malicious actors may leave extensions unlisted to make it more difficult for security teams to detect and flag them. After all, these hidden tools cannot be easily found through search engines or public directories.
Flagged for malicious behavior
“Many companies provide their software through unlisted extensions because it makes it more difficult for any normal user to find the extension and then hit a wall when it is not functional,” he said. “It is also known as a way of directing users to install a malicious extension while making it really difficult for security teams to detect.”
Some of the extensions Tuckner found, such as “Fire Shield Extension Protection,” request excessively broad permissions. These permissions include access to users' web traffic, stored cookies and even browser tabs, which opens the door to misuse of potentially confidential data.
“While the management API is requested, so is access to many more permissions that provide the ability to interact with web traffic on all URLs, access cookie storage, manage browser tabs and run scripts!” Tuckner explained.
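The permission combination described above can be checked in an extension's `manifest.json`. The following is an added example, not code from Secure Annex or the original article: the two sample manifests are constructed, and the grouping of permissions into "sensitive" is this example's own assumption.

```python
import json

# Host patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions matching the capabilities quoted above; this grouping
# is the example's own assumption, not Secure Annex's detection logic.
SENSITIVE_APIS = {"management", "cookies", "tabs", "scripting",
                  "webRequest", "declarativeNetRequest"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def audit_manifest(manifest: dict) -> dict:
    """Report broad host access and sensitive APIs declared by a manifest."""
    declared = set()
    for key in PERMISSION_KEYS:
        # Manifest V2 mixes host patterns and API names in "permissions".
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through "matches", not "permissions".
    for script in manifest.get("content_scripts", []):
        declared.update(m for m in script.get("matches", []) if isinstance(m, str))
    hosts = sorted(declared & BROAD_HOSTS)
    apis = sorted(declared & SENSITIVE_APIS)
    return {"name": manifest.get("name", "<unnamed>"),
            "broad_hosts": hosts,
            "sensitive_apis": apis,
            # Review when all-site access is combined with a sensitive API.
            "needs_review": bool(hosts) and bool(apis)}


# Constructed sample manifests (hypothetical extensions, not from the report).
BROAD = json.loads("""{
  "manifest_version": 3, "name": "Sample Shield (constructed)",
  "permissions": ["management", "cookies", "tabs", "scripting", "storage"],
  "host_permissions": ["<all_urls>"]
}""")
NARROW = json.loads("""{
  "manifest_version": 3, "name": "Sample Notes (constructed)",
  "permissions": ["storage"],
  "host_permissions": ["https://notes.example/*"]
}""")

if __name__ == "__main__":
    for sample in (BROAD, NARROW):
        print(json.dumps(audit_manifest(sample), indent=2))
```

A `needs_review` result only means the declared permissions are broad enough to warrant a closer look; it says nothing about what the extension's code actually does.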
Secure Annex’s analysis flagged these extensions for potentially malicious behavior, such as accessing stored cookies or matching signatures associated with known malware. The researcher suggested that users remove these unlisted extensions, since their hidden and overly intrusive nature creates unnecessary vulnerabilities.
Fortunately, Tuckner found no extensions that steal login credentials or payment information.
However, he emphasized that this level of obfuscation for software that can be controlled remotely could mean that it can be used as infostealers. “That is ultimately the problem and threat that these extensions represent when they can be controlled remotely.”
We have reached out to Google for comment.
Via Ars Technica