designsopk.blogg.se

Google chrome web store

Extensions with suspicious activity as well as downright malicious ones have been discovered in Google Chrome’s Web Store, posing risks such as code injection in web pages, browsing monitoring or information stealing.

Studying 48,332 Chrome extensions using a specially designed tool called Hulk, security researchers found 130 of them to be malicious and 4,172 behaving suspiciously; most of them were spotted in Chrome Web Store. The authors of the paper presented their findings on Thursday, during the 23rd USENIX Security Symposium in San Diego, California.

Hulk helped them analyze the extensions and determine the nature of their activity. It leverages HoneyPages, web pages created to provide the necessary conditions for the extension to perform, and a fuzzer that drives the execution of event handlers registered by the browser component, allowing researchers to conduct the experiment.

Among the results of the analysis, there were components that tampered with the security-related HTTP headers, which allowed JavaScript injection in web pages. Suspicious behavior of the extensions included affiliate fraud, credential theft, ad injection or replacement, and social network abuse.

“In principle injection need not occur at all, since Chrome extensions can come packaged with all the code needed to operate. In total, we found more than 3,000 extensions that dynamically introduced remotely-retrieved code either through script injections or by evoking ‘eval’,” explains the paper.

One component was found to inject code in every page visited by the user; it had been added to 5.6 million browsers. Others performed ad manipulation by replacing original ads, inserting ads into pages, overlaying ads over content or changing affiliate IDs to direct the revenue to its owner.

An example of an extension in Chrome Web Store that stole information was “Chrome Keylogger,” designed to capture details from the browser and send the data to a remote server. At the moment of detection, one of them had been downloaded 1.8 million times.

Google has taken steps to mitigate the risk of malicious extensions in the Web Store by verifying each entry. Even so, some of them made it to the repository. However, this type of component can reach users’ browser through other means, such as sideloading; this means that a third-party program can add it to Chrome.
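The behaviours the article reports (code introduced through script injection or `eval`, and tampering with security-related HTTP headers) can be screened for in an unpacked extension before it is allowed into a managed browser fleet. The following is an added example, not code from the article or from Hulk, which analyses extensions dynamically; the rule ids, the function name `auditExtension` and the sample extension are hypothetical and constructed for illustration.

```javascript
// Added example: regex-level static triage of an unpacked Chrome extension.
// A hit means "review this file", not "malicious"; obfuscated code will evade it.
const RULES = [
  { id: 'dynamic-eval', // strings evaluated as code
    test: src => /\beval\s*\(|\bnew\s+Function\s*\(/.test(src) },
  { id: 'remote-script-injection', // <script> element pointed at a remote URL
    test: src => /createElement\s*\(\s*['"]script['"]\s*\)/.test(src) &&
                 /\.src\s*=\s*['"](https?:)?\/\//.test(src) },
  { id: 'security-header-tampering', // response-header hook that names a security header
    test: src => /webRequest\.onHeadersReceived/.test(src) &&
                 /content-security-policy|x-frame-options|x-content-type-options/i.test(src) },
];

function auditExtension(manifest, files) {
  const findings = [];
  const perms = manifest.permissions || [];
  // Both permissions together let an extension rewrite response headers.
  if (perms.includes('webRequest') && perms.includes('webRequestBlocking'))
    findings.push({ file: 'manifest.json', id: 'can-rewrite-headers' });
  // String form is the Manifest V2 layout; other layouts are skipped here.
  const csp = manifest.content_security_policy;
  if (typeof csp === 'string' && /'unsafe-eval'/.test(csp))
    findings.push({ file: 'manifest.json', id: 'csp-allows-eval' });
  for (const [file, src] of Object.entries(files))
    for (const rule of RULES)
      if (rule.test(src)) findings.push({ file, id: rule.id });
  return findings;
}

// Constructed sample extension (not taken from any real Web Store entry).
const sampleManifest = {
  name: 'constructed-sample', manifest_version: 2,
  permissions: ['webRequest', 'webRequestBlocking', '<all_urls>'],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};
const sampleFiles = {
  'background.js': "chrome.webRequest.onHeadersReceived.addListener(onHeaders, filter, extra);\n" +
                   "const WATCHED = ['content-security-policy'];",
  'content.js': "var s = document.createElement('script');\n" +
                "s.src = 'https://remote.example.invalid/code.js';\n" +
                "document.head.appendChild(s);",
  'loader.js': "fetchConfig(function (text) { eval(text); });",
  'options.js': "document.title = 'Options';",
};

console.log(auditExtension(sampleManifest, sampleFiles));
```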










