Experts from the network security vendor ICEBRG have just found four malicious Chrome extensions in the official Chrome Web Store, with a combined 500,000 users. As with past incidents, the implications are serious for both enterprises and consumers.
ICEBRG's experts informed Google, and three of the malicious Chrome extensions have since been removed from the Chrome Web Store. The reason the fourth extension, Nyoogle, was not removed along with them was not immediately clear.
However, Google did not respond to a request for comment on Tuesday. The other three malicious Chrome extensions are Stickies, Change HTTP Request Header and Lite Bookmarks.
Mario De and Justin Warner, researchers at ICEBRG, wrote in a blog post: “Coupling an extension marketplace style ‘easy install’ for users, limited understanding of the underlying risks, and few compensating controls leaves organizations vulnerable to a serious and easily overlooked attack vector.”
ICEBRG noticed a suspicious spike in outbound network traffic from a customer workstation, and the subsequent investigation uncovered the malicious Chrome extensions. The extensions were most likely used for search engine optimization and click-fraud manipulation, but nevertheless ‘provided a foothold that the threat actors could leverage to gain access to corporate networks and user information’, according to the blog post.
Still, the irony is that Chrome has been considered one of the most secure browsers on the market, says Ken Spinner, the VP of Varonis, the worldwide security software platform developer.
Spinner said, “Obviously, this should give people reason for concern. Everything should be under the scrutiny of your security people. People have to start thinking that if they’re not already, they will be exploited.”