Google Chrome is the world's most popular browser, and it is often touted (somewhat erroneously) for security. Because of its popularity, Google Chrome is a prime target for hackers who want to cast a wide net for potential targets. Google has had to contend with numerous attacks against the Chrome browser, especially in the form of malicious browser extensions, in the past. It is this issue that has yet again surfaced according to new research.
The malicious browser extensions in question were uncovered by the network security firm ICEBRG Inc. Totaling four different extensions, researchers went in depth in a blog post to show their function and why they were so dangerous.
Initially, the post explained the issue with present day browser extensions in general, a key point to understanding the four current threats. The explanation is given as follows:
Web-based applications can enhance the user's overall experience, they also pose a threat to workstation security with the ability to inject and execute arbitrary code. Coupling an extension marketplace style “easy install” for users, limited understanding of the underlying risks, and few compensating controls leaves organizations vulnerable to a serious and easily overlooked attack vector.
The malicious extensions were first discovered by ICEBRG when an alarming uptick in outbound network traffic was discovered on a "customer workstation to a European VPS provider." The extensions were discovered to be the following; Change HTTP Request Header, Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes. Following their discovery, ICEBRG researchers eventually concluded the extensions were being used for click-fraud and search engine optimization manipulation.
Kaspersky Lab's Threatpost notes in their report on the malicious extensions that Google Chrome browser has roughly 60 percent of the browser market cornered. The implications of this are alarming if these browser extensions continue to worm their way into Google's official download space, as like it or not, the company is vetting the extensions as "safe" to download. While the company is working with IT professionals to give them more control over blocking extensions from being downloaded by users on their network; much work still remains to be done to protect consumers.