Google has removed 500 malicious Chrome extensions

Google removed over 500 of its extensions από το Web Store, γιατί σύμφωνα με τους , έκλεβαν δεδομένα ς, και προωθούσαν απάτες κλικ μετά την on the computers of millions of users.

Depending on how you look at it, this is a good thing because they are no longer available to infect users, but it is also bad considering how easy it is for malicious extensions to go through the Web Store and stay there for years without being detected. Google.


The malicious extensions were found by researcher Jamila Kaya who used the tool CRXcavator Duo Security (available at to detect some suspicious extensions.

Η discovery of extensions was only the beginning, as he had to connect them together to reveal repetitive paterns that could detect other malicious extensions.

So the first thing the researcher noticed was that the of each s often looked like the other's code, it was a copy with minor changes in the names of the internal functions.

Another similarity was the large number of permissions the extension requested during installation, which allowed them to access browsing data and run when visiting sites using HTTPS.

The researcher, in collaboration with Duo Security, finally identified 70 extensions that appeared to be related to each other. They all came into contact with similar command and control networks and appeared to be designed to detect and neutralize sandbox analysis.

Many of the extensions have been active for almost a year, while others have been around for much longer.

Google immediately conducted its own research based on the research of Jamila Kaya and the number of malicious extensions exceeded 500.

Google reported:

We do regular scans to find extensions using similar techniques, codes, and behaviors and remove those extensions that violate our policies.

The extensions discovered by Duo Security and Kaya had been installed a total of 1,7 million times.

Google's Chrome Web has about 190.000 extensions, and this large number may be part of the problem. Malicious extensions can and do hide much more easily from the crowd.

Mozilla Firefox has dealt with the same issue on a smaller scale and recently banned 197 dangerous extensions and reminded everyone that it will no longer tolerate remote code extensions.

If you used one of the 500 extensions that were removed, you will find that it is automatically disabled in their browser, with malicious warnings.

What did we learn?

No one can assume that because an extension is hosted on an official web store it is in use:

  • Install as few extensions as possible and, despite the above, only from the official web stores.
  • Check the comments from others who have installed the extension.
  • Pay attention to the developer's reputation and how often they release version updates.
  • Pay attention to the permissions requested by the extension (Chrome, Settings - Extensions - Details) to see if they match the features of the extension. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).