Morrissey Technology


Watch out! Lots of Malware in Chrome Web Store

Morrissey Technology – Google may claim that less than 1% of extension installations from the Chrome Web Store contain malware, but other security researchers have different data. The Chrome Web Store currently contains more than 250 thousand extensions, which are add-on applications for the Chrome browser. Google boasts that its security team has succeeded in reducing the number of extensions containing malware in the Web Store.

“Just like other software, extensions can also contain risks,” said Google’s cybersecurity team.

However, other data emerged from a Stanford University security research team, consisting of Sheryl Hsu, Manda Tran, and Aurore Fass, who collaborated with the CISPA Helmholtz Center for Information Security.

They studied Security-Noteworthy Extensions (SNEs) in the Web Store. An SNE is an extension that is categorized as malware, that violates Chrome Web Store rules, or that has security holes.

From July 2024 to February 2023, 346 million users installed extensions in the SNE category. 63 million of them involved extensions that violated Web Store rules, and three million involved extensions with security holes, meaning extensions containing malware were installed 280 million times.

In fact, in that time period there were only 125 thousand extensions available in the Chrome Web Store. The trio of researchers also found that Chrome extensions that are safe and do not contain malware usually don't last long: only 51.8 to 62.9% survive after one year. Meanwhile, extensions that fall into the SNE category last for an average of 380 days, and can even reach 1,248 days if they only contain security holes.

The SNE that lasted the longest in the Chrome Web Store was TeleApp, which lasted for 8.5 years and was last updated on December 13, 2013. When it was discovered to contain malware on June 14, 2022, the extension was removed. What's worse, an extension's rating does little to reveal the presence of malware in these SNE cases.

“Overall, users never give SNE a low rating, which may be because users may not realize that this extension is dangerous. There is also the possibility that there are bots that give fake reviews and give high ratings to the extension,” wrote the research team in their paper.