- Security researcher finds more than 30 unlisted Google Chrome extensions
- Cumulatively, they have more than four million users
- They are potentially dangerous, with a variety of security risks
A cybersecurity researcher from Secure Annex has recently discovered more than 30 unlisted browser extensions that put their more than four million users at various security risks.
In a detailed analysis, researcher John Tuckner explained that software developers sometimes release their extensions as unlisted if they do not work properly.
However, he also suggested that malicious actors could leave them unlisted to make it more difficult for security teams to detect and report them. After all, these hidden tools cannot be easily found via search engines or public directories.
Flagging for malicious behavior
“Many companies provide their software through unlisted extensions because it is more difficult for any normal user to find the extension, then hit a wall when it is not functional,” he said. “It was also known as a way to target users to install a malicious extension while being very difficult to detect by security teams.”
Some of the extensions that Tuckner found, such as “Fire Shield Extension Protection”, ask for excessively broad permissions. These permissions include access to user web traffic, stored cookies and even browser tabs, which opens the door to abuse of potentially sensitive data.
“Although the management API is requested, access to many other authorizations offers the possibility of interacting with web traffic on all URLs, accessing the storage of cookies, managing browser tabs and running scripts!” said Tuckner.
Secure Annex's analysis flagged these extensions for potentially malicious behavior, such as access to stored cookies or matching signatures associated with known malware. The researcher suggested that users delete these unlisted extensions because their hidden and overly intrusive nature creates unnecessary vulnerabilities.
Fortunately, Tuckner did not find any extension stealing login credentials or payment information.
However, he pointed out that this level of obscurity for software that can be controlled remotely could mean that it can be used as an infostealer. “It is ultimately the problem and the threat that these extensions pose when they can be controlled remotely.”
We have contacted Google for comment.
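As an added example (not code from Secure Annex or from the original article), the following Python function audits an extension's manifest.json for the permission combination described above. The permission names are Chrome's standard ones; the flagging rule and both sample manifests are assumptions constructed for illustration.

```python
import json

# Chrome permission names for the capabilities the article lists: the management
# API, web traffic (webRequest), cookie storage, tabs and script execution.
RISKY_APIS = {"management", "webRequest", "cookies", "tabs", "scripting"}
# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return the risky APIs and all-site host patterns an extension requests."""
    manifest = json.loads(manifest_text)
    requested = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts gain page access through their own match patterns.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    apis = sorted(requested & RISKY_APIS)
    hosts = sorted(requested & BROAD_HOSTS)
    # Illustrative rule (an assumption): flag all-site access combined with
    # at least one risky API.
    return {"name": manifest.get("name", "?"), "risky_apis": apis,
            "broad_hosts": hosts, "flagged": bool(apis) and bool(hosts)}


# Constructed sample manifests, not taken from any real extension.
SAMPLE_BROAD = json.dumps({
    "manifest_version": 3, "name": "Sample Shield (constructed)",
    "permissions": ["management", "cookies", "tabs", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
})
SAMPLE_NARROW = json.dumps({
    "manifest_version": 3, "name": "Sample Notes (constructed)",
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://notes.example.com/*"],
})

if __name__ == "__main__":
    for text in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(audit_manifest(text))
```

The same function can be run over each manifest.json in a browser profile's extensions directory to shortlist installed extensions for manual review.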
Via Ars Technica




