Two differing reports have been released regarding the security of Google Chrome browser extensions. Google claims that less than 1% of all installations include malware, while a study by researchers at Stanford University and the CISPA Helmholtz Center for Information Security suggests that over 280 million users have installed extensions with malware over a three-year period. The researchers analyzed permissions requested by extensions and found that extensions containing malware tend to request more permissions than benign ones, increasing the attack surface. Additionally, they found that these malicious extensions were available in the Chrome web store for an average of 380 days, with one remaining available from December 2013 until June 2022.
Google, on the other hand, maintains that they have a dedicated security team focused on keeping Chrome users safe from extensions. They review all extensions before they are published to the Chrome web store, monitor them afterward, and provide users with a personalized summary of installed extensions. They also have an automated process that uses machine learning systems to examine extensions seeking to be published.
Google recommends four tips to help minimize the risk of malicious extensions, including reviewing new extensions before installing them, uninstalling extensions no longer in use, limiting the sites an extension is allowed to run on, and enabling Chrome Safe Browsing Enhanced Protection Mode. This mode provides protection against phishing, malware, and potentially harmful extensions.
In conclusion, while Google claims that less than 1% of all Chrome Web Store installs include malware, the findings from the researchers at Stanford University and CISPA Helmholtz Center for Information Security raise concerns about the security of Chrome extensions. Users are advised to follow Google’s recommendations to ensure their Chrome extensions are secure.
Article Source
https://www.forbes.com/sites/daveywinder/2024/06/24/280-million-google-chrome-users-installed-dangerous-extensions-study-says/