280M Users May Have Installed Chrome Extension Malware

Jun 28, 2024

Google Chrome is easily the most popular web browser, with 65% of the global market share. It has long been trusted by users and businesses alike. However, its extension marketplace may be riskier than many people realize. A recent study revealed that 280 million users may have installed Chrome extension malware over the past three years. Other security threats may have impacted another 66 million, putting extension safety measures into further question.

What Is Chrome Extension Malware?

Chrome extension malware is malicious software disguised as a legitimate Google Chrome browser extension. These deceptive extensions often promise useful features but perform harmful actions such as stealing personal information, injecting ads, and redirecting online searches. If the malware is hidden behind legitimate features or services, it can be challenging to notice the harm it’s doing.

Google Says Less Than 1% of Web Store Installs Have Malware

Chrome extensions can improve user browsing by adding new features and customization, yet pose potential security risks. Google addresses these concerns using a mixture of automated and human reviews. Chrome’s Safety check feature can also provide alerts about possible risks. Due to these measures, less than 1% of all installs from the Chrome Web Store include malware.

The review process for Chrome extensions combines automated machine learning checks and manual assessments by Google’s team to filter out unsafe extensions. Ongoing partnerships with security researchers also enhance this monitoring. If any extension proves harmful after publication, it is quickly removed from the Web Store and disabled on all devices, ensuring a secure browsing environment.

Study Claims 280M Have Installed Chrome Extension Malware

Despite Google’s claim that less than 1% of installs from the Chrome Web Store include malware, research suggests there’s more to it. Harmful extensions, known as security-noteworthy extensions (SNEs), often remain active in the Chrome Web Store for over a year. The slow removal not only lets more people download malware-infected extensions, it also delays help for people who have already installed one without knowing it.

The effectiveness of Google’s review processes, both automated and manual, is also in question. Many extensions with large user bases go years without proper review, indicating potential oversight gaps. Furthermore, user ratings might not be a reliable signal of extension safety, as harmful extensions can receive high ratings. This could be due to manipulated reviews or users not recognizing the risks hidden by legitimate features. That highlights the need for a stricter review process and improved user education.

Extension Malware Is More Likely To Ask for Extra Access

Chrome extension malware often requests excessive permissions, which can be a red flag for users. These extensions may ask for broad access to website data, the ability to modify user information, or permissions to run in the background. These requests often go far beyond what an extension of that type should need. Giving extra access may allow malicious extensions to intercept sensitive data, inject harmful code, or redirect users to phishing sites.

How To Remove Chrome Extension Malware

Removing Chrome extension malware is pretty straightforward, though it does require users to take a few steps:

Identify Suspicious Extensions:

  • Open Chrome, go to the menu (three dots in the upper right corner), select “More tools,” and then “Extensions.”
  • Review the list of installed extensions. Look for any that you don’t recognize or seem out of place.

Remove the Malicious Extensions:

  • Click the “Remove” button on any suspicious extensions.
  • Confirm the removal when prompted to ensure the extension is completely uninstalled.

Reset Browser Settings:

  • Go back to the Chrome menu and select “Settings.”
  • Scroll down and click on “Advanced.”
  • Under “Reset and clean up,” click “Restore settings to their original defaults.”
  • Confirm by clicking “Reset settings.”

Clear Browser Cache and Cookies:

  • In the “Settings” menu, click “Privacy and Security.”
  • Select “Clear browsing data.”
  • Choose “Cookies and other site data” and “Cached images and files,” then click “Clear data.”

Scan Your Computer for Malware:

  • Use a trusted antivirus program to scan your computer. That can help remove any remaining traces of malware.

Update Your Browser:

  • Ensure your browser and computer are always up-to-date. Updates often include security patches that protect against cybersecurity threats like malware.

These steps can remove Chrome extension malware and help secure your browser against future infections.

Tips for Staying Safer With Chrome Extensions

Here are some tips to help you stay safer when installing and using Chrome extensions:

1. Carefully Evaluate Before Installing: Always review the details provided in the Chrome Web Store. Look for extensions that have verified and featured badges, which indicate they meet Google’s standards for quality and security. Also consider the ratings and reviews from other users, information about the developer, and the extension’s privacy practices.

2. Be Skeptical of Pop-Ups: Be cautious of websites that push you to install extensions, especially if the site’s content is unrelated to the extension’s functionality. This tactic is often used to spread malicious extensions.

3. Regularly Audit Installed Extensions: Access your Extensions page via chrome://extensions to review and manage your extensions. Uninstall those you no longer use to minimize risk. Periodically check the Chrome Web Store’s descriptions, ratings, and privacy practices, as these can change over time.

4. Align Permissions with Functionality: Ensure the permissions an extension requests match its stated purpose. If there’s a mismatch, the extension could be overreaching, a common sign of malware. Also, limit the sites an extension can interact with to those necessary for its function.

5. Enable Enhanced Protection: For the highest level of security, turn on Chrome’s Enhanced Protection mode under Safe Browsing settings. This mode offers advanced security against phishing, malware, and harmful extensions. It also keeps you updated with the latest security features, helping to safeguard your browsing experience against evolving threats.

By following these guidelines, you can significantly reduce the risks associated with browser extensions, maintaining your internet safety and data integrity.
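The permission check described in the section on extra access and in tips 3 and 4 can be automated by reading each installed extension's manifest.json. The script below is an added example, not code from the original article or from Google; the list of sensitive permissions is an assumption chosen for illustration, and the sample manifest is constructed.

```python
import json
from pathlib import Path

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Illustrative (assumed) set of API permissions that deserve a second look.
SENSITIVE_APIS = {"cookies", "webRequest", "history", "tabs", "scripting",
                  "debugger", "proxy", "management", "nativeMessaging",
                  "clipboardRead", "background"}

def risky_permissions(manifest):
    """Return the sorted broad-host and sensitive-API grants a manifest requests."""
    requested = set()
    # Manifest V2 mixes hosts into "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their own match patterns.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return sorted(p for p in requested if p in BROAD_HOSTS or p in SENSITIVE_APIS)

def audit_profile(extensions_dir):
    """Map 'extension_id/version' -> (name, findings) for each flagged manifest."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if not isinstance(manifest, dict):
            continue
        findings = risky_permissions(manifest)
        if findings:
            key = f"{path.parent.parent.name}/{path.parent.name}"
            report[key] = (manifest.get("name", "?"), findings)
    return report

# Constructed sample: a "color picker" that asks for far more than it needs.
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "Example Color Picker",
    "permissions": ["activeTab", "cookies", "history", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    print(risky_permissions(SAMPLE_MANIFEST))
```

Point `audit_profile` at the Extensions folder inside a Chrome profile (on Linux this is typically `~/.config/google-chrome/Default/Extensions`; the location differs by operating system and profile). A finding is a prompt to compare the grant against what the extension claims to do, not proof of malware.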

Is Google Doing Enough To Prevent Chrome Extension Malware?

While Google has measures to safeguard Chrome users from extension malware, these might not be enough to tackle the sophisticated tactics used by cyber attackers. The current system, which involves automated scans and manual reviews, still allows harmful extensions to slip through and remain in the Chrome Web Store for extended periods.

One way to strengthen these defenses could be to change how permissions are handed out. Many malicious extensions request more access than they need. That means limiting the permissions that can be requested may prevent the damage some extensions can do.

Teaching cybersecurity awareness can also go a long way. Many people download Chrome extension malware without knowing the signs of a security threat. Additionally, easier reporting and better detection tools would help catch extension malware earlier. With an estimated 3.45 billion Chrome users globally, preventing malware is not easy, even for a company as large as Google.

What ITonDemand Does To Protect Our Partners From Malware

ITonDemand protects our partners from malware with active monitoring and threat prevention using solutions like SentinelOne. Our approach combines cutting-edge technology with user education and diligent cybersecurity support. By taking a proactive approach, we help keep systems secure and can detect threats like Chrome extension malware to ensure nothing is lurking in the background. Don’t leave your business’s safety up to chance; let ITonDemand support you with our cybersecurity services.
