Application security

Malicious Chrome web store extensions identified

SecurityWeek reports that more than 30 malicious extensions in the Google Chrome web store with nearly 87 million total user downloads have been discovered to have obfuscated code enabling JavaScript code-injection by third-party websites to all visited websites. Autoskip for Youtube, Soundboost, Crystal Ad block, and Brisk VPN were the most popular among the 34 malicious extensions, having downloads ranging from 5 million to 9 million, while over a million downloads were recorded for most of the other extensions although such download figures could be exaggerated, according to a report by security researcher Wladimir Palant. On the other hand, an Avast report revealed malicious code across 32 extensions with 75 million total downloads but such installs were found to be significantly disproportionate to the user reviews in the Chrome web store. "What's more, we found that the number of people who encountered the threat isn't proportional to the number of installs from the Chrome Web Store," said Avast.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.