- Security researcher finds more than 30 unlisted Google Chrome extensions
- Cumulatively they have more than four million users
- They are potentially dangerous and carry a range of security risks
A cybersecurity researcher from Secure Annex recently discovered more than 30 unlisted browser extensions that expose their more than four million users to various security risks.
In a detailed analysis, researcher John Tuckner explained that software developers sometimes unlist their extensions if they are not working properly.
However, he also suggested that malicious actors could unlist them to make it harder for security teams to discover and flag them. After all, these hidden tools cannot easily be found through search engines or public directories.
Flagging for malicious behavior
“Many companies supply their software through unlisted extensions because it makes it harder for any normal user to find the extension and then hit a wall when it is not functional,” he said. “It has also been known as a way of targeting users to install a malicious extension, while being really difficult for security teams to detect.”
Some of the extensions Tuckner found, such as “Fire Shield Extension Protection,” request broad permissions. These permissions include access to users’ web traffic, stored cookies and even browser tabs, which opens the door to abuse of potentially sensitive data.
“While the management API is being requested, there is also access to many more permissions that allow you to interact with web traffic on all URLs, access cookie storage, manage browser tabs and execute scripts!” Tuckner explained.
Secure Annex’s analysis flagged these extensions for potentially malicious behavior, such as accessing stored cookies or matching signatures associated with known malware. The researcher suggested that users remove these unlisted extensions, as their hidden and overly intrusive nature creates unnecessary vulnerabilities.
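The permission combination described above can be checked directly in an extension's manifest.json. The following audit script is an added example, not Secure Annex's tooling: the sample manifest is constructed, and the "two or more sensitive APIs plus all-URL host access" review threshold is an assumption chosen for illustration.

```python
import json

# Chrome extension permission names that map to the capabilities named in the
# article: extension management, web traffic, cookies, tabs, script execution.
RISKY_API = {
    "management": "manage other extensions",
    "cookies": "read and modify stored cookies",
    "tabs": "see and control browser tabs",
    "scripting": "inject scripts into pages",
    "webRequest": "observe web traffic",
    "declarativeNetRequest": "rewrite or block web traffic",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return (sensitive_apis, broad_host_patterns) for one manifest.json."""
    m = json.loads(manifest_text)
    declared = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in m.get(key, []) if isinstance(p, str)]
    # Content scripts gain page access through their own match patterns.
    for cs in m.get("content_scripts", []):
        declared += cs.get("matches", [])
    api = sorted({p for p in declared if p in RISKY_API})
    hosts = sorted({p for p in declared if p in BROAD_HOSTS})
    return api, hosts


def needs_review(manifest_text):
    """Assumed threshold: several sensitive APIs combined with access to every URL."""
    api, hosts = audit_manifest(manifest_text)
    return bool(hosts) and len(api) >= 2


# Constructed sample manifest (not taken from any real extension).
SAMPLE = json.dumps({
    "manifest_version": 3,
    "name": "Example Shield (constructed)",
    "permissions": ["management", "cookies", "tabs", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
})

if __name__ == "__main__":
    api, hosts = audit_manifest(SAMPLE)
    for p in api:
        print(f"{p}: {RISKY_API[p]}")
    print("broad host access:", hosts, "| review:", needs_review(SAMPLE))
```

Run against the manifest.json files in a browser profile's extensions directory, this gives a quick inventory of which installed extensions hold this combination, whether or not they are listed in the store.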
Fortunately, Tuckner did not find any extensions that stole login credentials or payment information.
However, he emphasized that this level of access for software that can be controlled remotely could mean it can be used as an infostealer. “It is ultimately the problem and the threat that these extensions are when they can be controlled externally.”
We’ve reached out to Google for comment.
Via Ars Technica