Chrome Web Store extensions have infected hundreds of millions of users with malware



The web browser Google Chrome, provided by Google, has a Chrome Web Store where users can add various extensions that make browsing more convenient. A team of security experts from Stanford University has reported that hundreds of millions of users have been infected with malware due to extensions obtained from the Chrome Web Store.

[2406.12710] What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions
https://arxiv.org/abs/2406.12710



Security experts find millions of users running malware infected extensions from Google Chrome Web Store
https://techxplore.com/news/2024-06-experts-millions-users-malware-infected.html

Study: Millions of Google Chrome Web Store Users at Risk of Running Extensions Infected with Malware | Tech Times
https://www.techtimes.com/articles/306038/20240625/study-millions-google-chrome-web-store-users-risk-running-extensions-malware.htm

To get the most out of web browsers such as Google Chrome, users may download their favorite extensions from extension sites. The most popular and well-known site is the Chrome Web Store, which offers a huge number of Google Chrome extensions created by third-party programmers.

However, extensions developed by third-party programmers vary in quality from one programmer to the next, and they may contain malware. Therefore, a research team led by Sheryl Hsu of Stanford University investigated the risk of malware in extensions distributed on the Chrome Web Store.

The research team investigated thousands of extensions distributed on the Chrome Web Store, including those that violate the Chrome Web Store's terms of use and privacy policy, as well as those that contain malware or vulnerable code.



In addition to analyzing data from past research on security issues in extensions, the research team downloaded approximately 125,000 extensions available in the Chrome Web Store between July 2020 and February 2023 and analyzed their code for signs of malware infection. The team also analyzed the download history and the lifespan of the extensions.

The study found that over the two-year period, approximately 346 million users downloaded extensions with security issues from the Chrome Web Store, and that 280 million of those users were affected by extensions that may contain malware. Until now, Google has claimed that less than 1% of extensions available for download on the Chrome Web Store contain malware, so the research team said, 'Our results are in contrast to Google's claims.'

The research team further noted that, while about 60% of the 125,000 extensions were removed from the Chrome Web Store within a year, some problematic extensions remained in the Chrome Web Store for many years and continued to pose security risks to users. This is because users rarely report these problematic extensions.



Many of the extensions analyzed in this study share similar code taken from public repositories and forums, which exacerbates security risks because the same outdated and vulnerable code ends up in multiple extensions.
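
The shared-code finding above can be checked on a set of unpacked extensions by fingerprinting each script and grouping matches across extensions. The following is an added example, not the study's method or code: the directory layout, the names `normalise`, `shared_code` and `demo`, and the sample scripts are all constructed for illustration, and matching after stripping comments and whitespace is a simplification that misses renamed or minified copies.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path


def normalise(js_source: str) -> str:
    """Drop comments and whitespace so reformatted copies hash alike."""
    no_block = re.sub(r"/\*.*?\*/", "", js_source, flags=re.S)
    no_line = re.sub(r"^\s*//.*$", "", no_block, flags=re.M)
    return re.sub(r"\s+", "", no_line)


def shared_code(ext_root: Path, min_chars: int = 40) -> dict:
    """Map fingerprint -> {extension: [paths]} for code in 2+ extensions.

    Assumes the layout <ext_root>/<extension_id>/.../*.js (unpacked).
    """
    seen = defaultdict(lambda: defaultdict(list))
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for js in sorted(ext_dir.rglob("*.js")):
            body = normalise(js.read_text(encoding="utf-8", errors="replace"))
            if len(body) < min_chars:  # tiny stubs would match by accident
                continue
            digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
            seen[digest][ext_dir.name].append(str(js.relative_to(ext_dir)))
    return {d: dict(exts) for d, exts in seen.items() if len(exts) >= 2}


# Constructed sample: ext_a and ext_b carry the same helper, reformatted.
SAMPLE = {
    "ext_a/1.0_0/lib/url.js": "/* helper */\nfunction host(u){var a="
    "document.createElement('a');a.href=u;return a.hostname;}\n",
    "ext_b/2.3_0/util.js": "// copied snippet\nfunction host(u) {\n"
    "  var a = document.createElement('a');\n  a.href = u;\n"
    "  return a.hostname;\n}\n",
    "ext_c/0.1_0/bg.js": "chrome.runtime.onInstalled.addListener("
    "function () { console.log('installed'); });\n",
}


def demo() -> dict:
    """Write the constructed sample to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in SAMPLE.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(src, encoding="utf-8")
        return shared_code(Path(tmp))
```

A fingerprint that appears in many extensions marks code worth reviewing once, since a flaw in it affects every extension that carries the copy.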

The study also revealed that about 60% of extensions have never been updated since their release, and the research team argued that 'To make the Chrome Web Store more secure, extension maintenance methods need to be improved and both users and the platform need to be more vigilant.'

in Software, Security, Posted by log1r_ut