IT concerns about Chrome extension security issues

You can also be interested in these:

For users or users of the Google Chrome browser, be careful! Millions of data are reported stolen due to extensions from Google Chrome. There are some Google Chrome extensions that you must avoid if you don’t want your data stolen. Do you like browsing the internet using a laptop or computer? If so, you must have a favorite browser, right? Whether it’s Google Chrome, Mozilla Firefox, Opera, and so on.

On your own computer or laptop, there are several browsers that you can use. But what is quite popular is Google Chrome, a browser made by Google. That’s right, who doesn’t know this browser?

Google Chrome has a lot of extension support or an additional application that makes it easier for us to meet certain needs since they have various features and functions.

If you visit the Chrome Web Store, you can find various extensions according to your needs. Unfortunately, of the many extensions that are scattered on the Chrome Web Store, not a few are actually dangerous.

Quoting from, recently, the computer antivirus company Avast found many dangerous extensions on Google Chrome. Based on a report from Avast, which followed up on findings from CZ.NIC, there are still 15 extensions that are still scattered on Google Chrome. You need to be vigilant, and if you install one of them, it must be removed immediately.

Most of the malicious extensions in Google Chrome are those that redirect users to their social media accounts; then, they are redirected to advertisements and phishing sites.

So they can get the user’s personal data, such as date of birth, email address, and active device used. Not only that, but they also collect users’ browsing data and have the ability to inject malware into the devices that users use.

The danger of malicious extensions

Users must be careful when using or installing browser extensions because it is possible that when you carelessly install a browser extension, it can be infiltrated by dangerous adware.

As you know, browser extensions are special mini-programs that allow you to add functionality and meet user needs. Such programs can have different names like Browser Extensions, plug-ins, and add-ons.

While adware itself is malware that can distribute advertisements automatically, this, of course, can interfere with device performance or work activities. Adware is included in the class of malware or malicious, which can also be dangerous for the security of one’s data.

With the number of extensions that exist today, much malicious adware infiltrated. In fact, it was clear from the cyworedotcom source 70 percent of the extension was used to sound dangerous adware.

Then, from monitoring during the period January 2020 to June 2022, the company observed adware extensions targeting 4.3 million users. Seventy percent of them have malicious extensions.

By 2022, 876,924 browser users are targeted to install fake productivity applications, such as document converters from doc to pdf format or document merging applications.

Hundreds of Chrome extensions actually spy on users

Yes, extensions are mostly useful for productivity. Many people do install some of them to make everything easier. There’s even a chrome VPN extension will block unwanted trackers, which is certainly helpful in protecting personal data. However, you must always be careful when you’re about to install something.

Users of the Google Chrome browser, especially those who frequently install extensions, should be careful. The reason is that the cyber security firm Awake Security found that as many as 111 fake extensions were dangerous.

Most of them are extensions that function as markers when users enter unsafe sites and extensions that change file formats. These extensions can spy on users by taking screenshots, stealing login credentials, and stealing passwords as users type them on the screen. This, of course, endangers Chrome users who use the browser to open sensitive pages. Such as users who work in banking, finance, health, to government organizations.

It is not yet clear who is behind this extension. However, researchers say that the authors included a fake contact when they submitted the extension to Google. According to Gary Golomb, co-founder of Awake, this malicious extension is deliberately designed so that it is not easily detected by computer antivirus. The extension has reportedly been downloaded up to 32.9 million times.

Although it has not been revealed who made it, this malicious extension domain is known to have links with a company from Israel, Galcomm. There are 26,079 domains registered through Galcomm. Of these, 15,160 domains, or about 60 percent, are called dangerous or suspicious.

However, Galcomm’s party denied the accusation. After Awake’s publication, Fogel said most of the domains on record were inactive.

Meanwhile, Google says it has removed all of the extensions Awake mentioned. Google also appreciates Awake for informing about this gap. However, Google did not mention the role of the Galcomm company.

This is not the first case of extensions in Chrome having problems. Last February, extensions on Google Chrome were also reportedly linked to cyberattacks. Google has also made several browser privacy and security efforts to protect its users.

How to make sure the extensions are safe

To ensure that the extensions are safe, it’s always better to check the developer first. Not all extensions are guaranteed. Some, although suspicious, could go through despite Google’s tight regulations.

So before checking anything else, make sure to check the developer first. See their official website, and make sure that it’s legit. Sometimes, we can differ an official website and the questionable one according to their website. If it looks suspicious enough, stay away from the extension as fast as possible.

Aside from the developer, the next thing you have to check is the description. Usually, official and legit extensions will show everything you need to know, including what’s the extension all about, its features, and what it can do.

More stories like this