Chrome: 80 million users trapped by vulnerable extensions

The publisher of the popular ad blocker AdGuard has discovered extensions for Google Chrome that download code from a third-party site. By bypassing Google’s security in this way, they can engage in suspicious activity. In total more than 295 extensions with 80 million users would be affected.

The security put in place by Google to validate extensions on the Chrome Web Store seems quite insufficient. Examining the competition, AdGuard , an ad blocker publisher, discovered 295 malicious extensions. They have been installed by more than 80 million users of the  Google Chrome browser , and can be updated at any time to add new functions, without going through the Chrome Web Store.

Google restricts Chrome extensions to help prevent spam - 9to5Google

The company points to fake ad blockers, but also many extensions that only serve to change the background image of new tabs. Once installed, they download a code from the fly-analytics.com site, which allows them to add malicious functions by bypassing Google verification . Extensions use a shorthand technique and upload an image that contains code for advertisements. They monitor the content of each open tab and inject those ads into the results pages of Google or Bing.

Updated extensions without going through the Chrome Web Store

The full list has been posted on GitHub , and Google has already started removing them. In addition to these, AdGuard discovered two other problematic categories. The first consists of just six extensions , named on his blog . They use a technique called ”  cookie stuffing  “. By saving special cookies, publishers receive a commission when the user makes purchases on certain sites.

The last category caught AdGuard’s attention because the number of reviews is far too low for the number of users. This suggests manipulation with fake users. These extensions have no suspicious activity yet, but download a code from Google Tags Manager, which can be updated without verification by Google . Like the other two categories, they can therefore turn into real malware at any time . Better to limit yourself to essential extensions and known editors.