- “Verified” labels give a false sense of security and do not reflect how an extension actually behaves
- Browser DevTools were never intended to track how extensions behave across tabs and over time
- Malicious extensions often behave normally until specific triggers activate their hidden functionality
The unchecked spread of malicious browser extensions continues to expose users to spyware and other threats, largely because of deep flaws in the way the software manages extension security.
New SquareX research states that many people still rely on superficial trust markers such as “Verified” or “Chrome Featured”, which have failed to prevent widespread compromise.
These markers, although intended to reassure users, often say little about the real behavior of an extension.
Labels offer little protection against dynamic threats
A central issue lies in the limitations of browser DevTools, which were designed in the late 2000s for debugging web pages.
These tools were never intended to inspect the much more complex behavior of modern browser extensions, which can run scripts, take screenshots and operate across tabs, actions that existing developer tools struggle to track or attribute.
This creates an environment where malicious behavior can remain hidden, even while it collects data or manipulates web content.
The failure of DevTools lies in its inability to provide telemetry that isolates extension behavior from standard web activity.
For example, when a script is injected into a web page by an extension, DevTools lacks the means to distinguish it from the page's native functions.
The GecoPick incident offers an example of how trust indicators can fail catastrophically: according to findings from Koi Research, 18 malicious extensions were able to distribute spyware to 2.3 million users, despite carrying the highly visible “Verified” label.
To address this, SquareX has proposed a new framework involving a modified browser and what it calls browser agents.
This combination is designed to simulate various user behaviors and conditions, drawing out hidden or delayed responses from extensions.
The approach is part of what SquareX terms the extension monitoring sandbox, a setup that allows dynamic analysis based on real-time activity rather than static code inspection alone.
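An added illustration of the idea behind this kind of dynamic analysis, not SquareX's code or tooling: given telemetry that already attributes each event to the extension or to the page, it lists what the extension does only under a simulated trigger and never in the baseline run. The record format, scenario names and hosts are constructed assumptions.

```javascript
// Added illustration. The record format, scenario names and hosts are
// constructed assumptions, not the output of any real tool.
// "actor" records who caused the event: the extension under test or the page.
const SAMPLE_EVENTS = [
  { scenario: "baseline", actor: "extension", action: "storage.get", target: "settings" },
  { scenario: "baseline", actor: "page", action: "fetch", target: "cdn.example.com" },
  { scenario: "baseline", actor: "extension", action: "fetch", target: "updates.example.net" },
  { scenario: "login-form", actor: "extension", action: "storage.get", target: "settings" },
  { scenario: "login-form", actor: "extension", action: "script.inject", target: "shop.example.org" },
  { scenario: "login-form", actor: "page", action: "fetch", target: "shop.example.org" },
  { scenario: "clock+7d", actor: "extension", action: "fetch", target: "updates.example.net" },
  { scenario: "clock+7d", actor: "extension", action: "tab.capture", target: "active-tab" },
  { scenario: "clock+7d", actor: "extension", action: "fetch", target: "collect.example.invalid" },
];

// Return, per simulated scenario, the extension-attributed behaviours that
// never appeared in the baseline run. Page activity is ignored, and a
// scenario that adds nothing new is left out of the report.
function triggeredBehaviour(events, baseline = "baseline") {
  const key = (e) => `${e.action} ${e.target}`;
  const ext = events.filter((e) => e.actor === "extension");
  const seen = new Set(ext.filter((e) => e.scenario === baseline).map(key));
  const report = {};
  for (const e of ext) {
    if (e.scenario === baseline || seen.has(key(e))) continue;
    if (!report[e.scenario]) report[e.scenario] = new Set();
    report[e.scenario].add(key(e));
  }
  for (const s of Object.keys(report)) report[s] = [...report[s]].sort();
  return report;
}

console.log(triggeredBehaviour(SAMPLE_EVENTS));
```

Without the `actor` attribution, the page's own request to shop.example.org in the login-form run would be indistinguishable from the extension's script injection on the same site.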
For now, many organizations continue to rely on free antivirus tools or built-in browser protections that cannot keep up with the evolving threat landscape.
The gap between perceived and real security leaves individuals and companies vulnerable.
The long-term impact of this initiative remains to be seen, but it reflects a growing recognition that browser-based threats require more than superficial safeguards.