Security experts Sheryl Hsu, Manda Tran, and Aurore Fass from Stanford University have uncovered a major issue with Chrome extensions downloaded from the Google Chrome Web Store. Their research revealed that millions of users are running the Chrome browser with extensions that contain either malware or vulnerable code. The study, detailed in a paper on the arXiv preprint server, analyzed approximately 125,000 extensions from the store and found that 346 million users had downloaded at least one extension with significant security concerns.
The researchers used two primary methods to assess the safety of these extensions. They first reviewed past research on security issues related to Chrome extensions and then conducted their own comprehensive analysis of extension code. Their findings highlighted that a substantial number of these extensions violate Google’s policies or include harmful code.
Their study showed that 280 million of the identified users had downloaded extensions with actual malware. Despite Google’s claims that less than 1% of extensions on their platform contain malware, the researchers’ data suggests a much higher prevalence of malicious or risky extensions.
Additionally, the research found that problematic extensions vary widely in how long they remain on the store and that users rarely report issues with them. This lack of user feedback and the longevity of these extensions contribute to the ongoing risk, underscoring a need for improved security measures and more vigilant oversight of the Chrome Web Store.