Researchers at Awake Security have made news over the past 24 hours exposing a scheme in which some 79 malicious Google extensions were found on the Chrome Web Store as recently as the first week of May. While much of the news focused on the malicious Chrome extensions, security pros were scratching their heads over how the attackers managed to circumvent cloud-based security tools that researchers and security analysts have used for a decade or more.
Reuters first broke the story, reporting that users of the Chrome browser – the world’s leading browser by far with 2 billion users – downloaded the malicious Chrome extensions nearly 33 million times.
Google has since taken down the extensions from the Chrome Web Store and said when they are alerted of extensions that violate its policies, they take action and use those incidents as training material to improve its automated and manual analyses.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.