Technology Google removes 500+ malicious Chrome extensions from the Web Store

17:16  13 february  2020
17:16  13 february  2020 Source:   zdnet.com

Chrome's data 'deleting' bug: Google says a fix is coming soon

  Chrome's data 'deleting' bug: Google says a fix is coming soon Google is working on a new update, and assures users that their app data hasn't actually been erased.The problem arose when some Android devices were updated to Chrome 79 (the M79 update). While the browser itself worked fine, web data suddenly vanished from other apps that rely on Chrome's WebView component. Google responded quickly by slamming the brakes on the update while it investigated.

You will need Google Chrome to install most apps, extensions and themes. Viber's share button allows 'Viber Desktop' users to easily share web sites, Photos and Text directly from the browser.

“ Removal of the malicious extension from the Chrome Web Store may not remove it from impacted hosts,” ICEBRG added. Before publication on the Google Chrome Web Store , extensions are subjected to a process called Enhanced Item Evaluation – a series of automated checks that examine

Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-months long investigation conducted by security researcher Jamila Kaya and Cisco's Duo Security team.

  Google removes 500+ malicious Chrome extensions from the Web Store © ZDNet

The removed extensions operated by injecting malicious ads (malvertising) inside users' browsing sessions.

The malicious code injected by the extensions activated under certain conditions and redirected users to specific sites. In some cases, the destination would be an affiliate link on legitimate sites like Macys, Dell, or BestBuy; but in other instances, the destination link would be something malicious, such as a malware download site or a phishing page.

Google Chrome affected by serious security flaw

  Google Chrome affected by serious security flaw SQLite vulnerabilities could expose Chrome users to malicious attacks.Known as Magellan 2.0, it is actually a set of five vulnerabilities relating to how Chrome uses the SQLite function to work with data.

Three malicious Chrome extensions spoofing AdBlock Plus were removed from the Chrome Web Store this week. Google scrambled this week to remove a malicious Chrome extension from its store and users’ machines after a popular Twitter account disclosed the issue publicly.

It appears Google has removed all four malicious extensions from the Chrome Web store , but researchers warn that the The malicious extensions —named Change HTTP Request Header, Nyoogle, Lite Bookmarks, and Stickies—have affected more than half a million Google Chrome users

According to a report published today and shared with ZDNet, the extensions were part of a larger malware operation that's been active for at least two years.

The research team also believes the group who orchestrated this operation might have been active since the early 2010s.

Millions of users believed to be impacted

Responsible for unearthing this operation is Kaya. The researcher told ZDNet in an interview that she discovered the malicious extensions during routine threat hunting when she noticed visits to malicious sites that had a common URL pattern.

Leveraging CRXcavator, a service for analyzing Chrome extensions, Kaya discovered an initial cluster of extensions that run on top of a nearly identical codebase, but used various generic names, with little information about their true purpose.

Chrome OS to soon support Android-inspired gesture controls

  Chrome OS to soon support Android-inspired gesture controls Over the weekend, Android Police reported that Chrome OS 80, a version of the operating system currently in beta, will support a gesture-based navigation system which will make the OS more usable by tablet users. In an Android 10-like fashion, Chrome OS is getting a collection of gesture controls with which people can use to navigate the system sans keyboard.In an Android 10-like fashion, Chrome OS is getting a collection of gesture controls with which people can use to navigate the system sans keyboard. As a result, a wider range of handheld mobile devices will actually be able to effectively use the Google-made OS.

Google removes 89 malicious browser extensions from the Chrome web store ; Oracle is As it has done many times over the past year, Google has removed 89 browser extensions , collectively dubbed Droidclub, from its official Chrome web store after security vendor Trend Micro identified

The malicious Chrome browser extensions enabled links to compromised web sites that downloaded crypto-currency mining tools, keyloggers and ads for explicit web sites. Google Removes 89 Malicious Brower Extensions From Chrome Web Store .

"Individually, I identified more than a dozen extensions that shared a pattern," Kaya told us. "Upon contacting Duo, we were able to quickly fingerprint them using CRXcavator's database and discover the entire network."

According to Duo, these first series of extensions had a total install count of more than 1.7 million Chrome users.

"We subsequently reached out to Google with our findings, who were receptive and collaborative in eliminating the extensions," Kaya told ZDNet.

After its own investigation, Google found even more extensions that fit the same pattern, and banned more than 500 extensions, in total. It is unclear how many users had installed the 500+ malicious extensions, but the number is more than likely to be in the millions range.

Extensions disabled in users' Chrome installs

Networks of malicious Chrome extensions have been unearthed in the past. Typically, these extensions usually engage in injecting legitimate ads inside a user's browsing session, with the extension operators earning revenue from showing ads. In all cases, the extensions try to be as non-intrusive as possible, so not to alert users of a possible infection.

Google is finally killing off Chrome apps, which nobody really used anyhow

  Google is finally killing off Chrome apps, which nobody really used anyhow Extensions will still be supported, thoughA Chrome app is a web-based app that you can install in Chrome that looks and functions kind of like an app you’d launch from your desktop. Take this one for the read-it-later app Pocket, for example — when you install it, it opens in a separate window that makes it seem as if Pocket is functioning as its own app.

Chrome isn’t Chrome without the cool and nifty extensions that help you get the most of the browser experience. But this very fact can also be exploited All the infected extensions , reported privately by ICEBRG have now been removed from the Chrome Web Store . They also reported the malicious

Google removes four extensions that used infected computers in click fraud scheme. Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store , a finding that highlights a key weakness in what's widely considered to

What stood out about this scheme was the use of "redirects" that often hijacked users away from their intended web destinations in a very noisy and abrasive manner that was hard to ignore or go unnoticed.

However, in the current state of the internet where many websites use similar advertising schemes with aggresive ads and redirects, many users didn't even bat an eye.

"While the redirects were incredibly noisy from the network side, no interviewed users reported too obtrusive of redirects," Kaya told ZDNet.

A list of extension IDs that were part of this scheme are listed in the Duo report. When Google banned the extensions from the official Web Store, it also deactivated them inside every user's browser, while also marking the extension as "malicious" so users would know to remove it and not reactivate it.

Chrome will soon block risky downloads .
Enterprise users will be able to override the feature."Mixed content downloads", which are initiated on HTTPS web pages but originate from less secure HTTP pages, are considered unsafe by Google.

—   Share news in the SOC. Networks

Topical videos:

usr: 26
This is interesting!