Researchers at Awake Security have made news over the past 24 hours exposing a scheme in which some 79 malicious Google extensions were found on the Chrome Web Store as recently as the first week of May. While much of the news focused on the malicious Chrome extensions, security pros were scratching their heads over how the attackers managed to circumvent cloud-based security tools that researchers and security analysts have used for a decade or more.

Reuters first broke the story, reporting that users of the Chrome browser – the world’s leading browser by far with 2 billion users – downloaded the malicious Chrome extensions nearly 33 million times.

Google has since taken down the extensions from the Chrome Web Store and said when they are alerted of extensions that violate its policies, they take action and use those incidents as training material to improve its automated and manual analyses.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.