Over 500 browser extensions which have been downloaded millions of times from the Chrome Web Store uploaded private browsing data to malicious parties.
Independent researcher Jamila Kaya, in partnership with Duo Security, found that 71 Chrome apps which had been downloaded over 1.7 million times were part of a malicious advertising network.
After the researchers reported the matter to Google, the tech giant discovered over 430 other extensions that were also part of this network.
“We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said Google.
“We do regular sweeps to find extensions using similar techniques, code, and behaviours, and take down those extensions if they violate our policies.”
How it works
“Malvertising” is a process whereby malicious parties create fake advertisements that appeal to their targets.
Upon clicking on these advertisements, victims can be targeted with malware installations.
“The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,” said Duo Security.
It recommended that users regularly audit their Chrome extensions.
“As part of good security hygiene, we recommend users regularly audit what extensions they have installed, remove ones they no longer use, and report ones they do not recognize,” said Duo Security.
“Being more mindful and having access to more easily accessible information on extensions can help keep both enterprises and users safe.”
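One concrete way to run the audit Duo recommends, as an added example that is not code from Duo Security or from this article: it walks a Chrome profile's Extensions folder (assumed layout `<root>/<extension_id>/<version>/manifest.json`), lists each extension, and flags any that request access to every site the user visits. The two manifests it builds are constructed sample data so the script runs offline.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that grant an extension access to every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(extensions_root):
    """Inventory extensions under <root>/<extension_id>/<version>/manifest.json.

    Returns one record per extension; 'flag' is True when it asks for broad
    host access, which deserves a closer look during a periodic audit.
    """
    findings = []
    for manifest in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        # Manifest V2 lists host patterns under 'permissions'; V3 uses 'host_permissions'.
        perms = set(data.get("permissions", [])) | set(data.get("host_permissions", []))
        broad = sorted(p for p in perms if p in BROAD_HOSTS)
        findings.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "<unnamed>"),
            "version": data.get("version", "?"),
            "broad_host_access": broad,
            "flag": bool(broad),
        })
    return findings


def build_sample_profile():
    """Write two constructed manifests (sample data, not real extensions) into a
    temp dir shaped like Chrome's Extensions folder; returns that path."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0.0": {
            "name": "Sample Notes", "version": "1.0.0", "permissions": ["storage"]},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/2.3.1": {
            "name": "Sample Deals Helper", "version": "2.3.1",
            "permissions": ["tabs", "<all_urls>"]},
    }
    for rel, manifest in samples.items():
        path = root / rel / "manifest.json"
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for rec in audit_extensions(build_sample_profile()):
        status = "FLAG" if rec["flag"] else "ok  "
        print(f'{status} {rec["id"]} {rec["name"]} {rec["version"]} {rec["broad_host_access"]}')
```

To audit a real profile, point `audit_extensions` at the Extensions folder under your Chrome user data directory instead of the sample path; a flagged entry is a prompt to check that you still recognise and use that extension, not proof it is malicious.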