MALICIOUS ATTACKS
A BROWSING CHALLENGE Analysts are challenging malicious extension risks
By David Pearson
Google Chrome is largely considered one of the most security-conscious browsers, but recent headlines revealed some of its weaknesses. Reporting indicates that four of Chrome’s most popular extensions, which have amassed more than 500,000 down-
loads in total, are thought to be malicious.
The suspect extensions have since been banned from the Chrome Web Store, but the news highlights the inherent risk of browsers and third-party apps, which warrant deeper examination.
Ongoing Browser Extension Risks
Google has made significant efforts to enhance the security of its browser. In addition to more commonly-known measures, the
company invests in bug bounties and other competitions to help root out some of the major problems that could be exploited by a high-skilled attacker, and takes a forward-thinking approach when it comes to user privacy. These measures do make it harder for hackers, but with so much market share and interest from the security community, vulnerabilities will continue to be discov- ered. Additionally, because extensions are generally created by third-party vendors, it’s a great source of unknown.
When it comes to extensions, Chrome requires downloads di- rectly from the Chrome Web Store for major OSes (Windows/ OS X). However, it doesn’t seem as though there are any security checks conducted on these extensions before they’re published. This means it would take a critical mass of security-related com- plaints before Chrome would be made aware of any problem. That’s not to blame Google—even if its extensions were subject to the same scrutiny used for Android apps in the Google Play
NS12
0918 | NETWORKING SECURITY
Evan Lorne/Shutterstock.com