Millions of users are unknowingly running a compromised version of the Chrome web browser due to installing extensions from the Google Chrome Web Store (GCWS), as discovered by security experts from Stanford University. Sheryl Hsu, Manda Tran, and Aurore Fass conducted a study on thousands of extensions in GCWS and found that the prevalent issue of downloading third-party extensions poses security risks for users.
The researchers identified security noteworthy extensions (SNEs) on GCWS, which include extensions that violate policy guidelines, contain malware, or have vulnerable code. Through their analysis, they determined that approximately 346 million users had downloaded a GCWS SNE between July 2020 and February 2023, with 280 million of those involving malware-infected extensions. This highlights the widespread problem of users unknowingly installing malicious extensions on their browsers.
Despite Google’s claim that less than 1% of extensions on the store contain malware, the researchers’ findings suggest a much higher prevalence. Furthermore, they found that SNEs varied in longevity on the site, with some remaining available for months or even years without being reported as problematic by users. This indicates a lack of awareness among users regarding the potential risks associated with downloading and using third-party extensions.
The study sheds light on the need for improved security measures on popular extension sites like GCWS to protect users from malware and policy-violating extensions. The researchers’ findings underscore the importance of user education and awareness when it comes to downloading and using browser extensions, especially those from third-party developers.
Overall, the study highlights the significant security risks posed by installing extensions from GCWS and calls for increased vigilance among users to protect themselves from potential malware infections. With millions of users unwittingly running compromised extensions, the findings underscore the urgency of addressing security vulnerabilities on popular browser extension platforms.
Article Source
https://techxplore.com/news/2024-06-experts-millions-users-malware-infected.html
