Friday, 02 June 2023 12:01

32 Malicious Google Chrome Extensions Removed from the Chrome Web Store

Google’s Chrome (and derivatives) is one of the more popular browsers on the market. It reached the height of popularity via a well-orchestrated marketing push, dissatisfaction with Microsoft, and being one of the faster and more secure browsers (at the time). However, the popularity of the browser and some less than stellar security policies in the Chrome Web Store have made it a nice target for attackers.
Google recently removed a total of 32 malicious extensions from the store with downloads possibly totaling 75 million.

The pattern of most of these extensions is to get installed, start a clock and then activate the hidden malicious code embedded inside. In some cases the code was an API wrapper disguised as a legitimate one that allowed for malicious injections. Google was informed of these issues by different researchers, but it was not until Avast submitted a list of 32 extensions that Google acted. Why Google did not respond to the individual researchers is a bit of a mystery, especially when they have always claimed to put security first in their products.

All the extensions identified by Avast (the company that finally got Google to do something) were found to do basically the same thing: inject code to hijack browser sessions, either for ad insertion or malicious redirects. Avast has a nice list of the extension IDs for the malicious apps, as well as two domains that were found to be used in combination with the extensions (and a file hash). The two domains listed were serasearchtop[.]com and onlinesly[.]com. Getting these into any URL blocking systems that you might have would be a good idea to prevent potential abuse.

For organizations that have the capability, publishing Chrome as a controlled app (via Intune, for example) is a good move to control the use of plug-ins by users. Even in a BYOD environment, the proper setup of Compliance policies or Configuration profiles can prevent random security issues in Chrome and other browsers. These should be part of good security hygiene for any remote workplace, but should also not be ignored when it comes to on-site staff. As always, a little bit of proactive protection goes a long way toward preventing incidents.
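Before a policy is in place, it helps to know which machines already carry one of the listed extensions. The following is an added example (not code from this article or from Avast) that walks a Chrome user-data directory and reports any installed extension whose ID is on a blocklist. It assumes Chrome's on-disk layout of `<user data>/<profile>/Extensions/<id>/<version>/manifest.json`; the blocklist entry and the sample tree are constructed placeholders, to be replaced with the IDs from Avast's list.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
PLACEHOLDER_BAD = "a" * 32      # constructed placeholder, NOT a real indicator
BLOCKLIST = [PLACEHOLDER_BAD]   # substitute the extension IDs from Avast's list

def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, version_dir, name) for every extension on disk."""
    for ext_dir in Path(user_data_dir).glob("*/Extensions/*"):
        if not (ext_dir.is_dir() and EXT_ID.match(ext_dir.name)):
            continue
        for manifest in ext_dir.glob("*/manifest.json"):
            try:
                meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                meta = {}  # unreadable or corrupt manifest: still report the ID
            if not isinstance(meta, dict):
                meta = {}
            # The name may be a localisation key such as "__MSG_appName__".
            yield (ext_dir.parents[1].name, ext_dir.name,
                   manifest.parent.name, meta.get("name", "?"))

def audit(user_data_dir, blocklist):
    """Return the sorted list of installed extensions whose ID is blocklisted."""
    blocked = {i.strip().lower() for i in blocklist}
    return sorted(h for h in installed_extensions(user_data_dir) if h[1] in blocked)

def build_sample(root):
    """Constructed sample: one blocklisted and one unrelated extension."""
    for ext_id, name in ((PLACEHOLDER_BAD, "PDF Helper"), ("b" * 32, "Notes")):
        d = Path(root) / "Default" / "Extensions" / ext_id / "1.0.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(
            json.dumps({"name": name, "version": "1.0.0"}), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for profile, ext_id, version, name in audit(tmp, BLOCKLIST):
            print(f"blocklisted extension {ext_id} ({name} {version}) in profile {profile}")
```

On a real endpoint, pass the browser's user-data directory instead of the temporary sample tree.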
