Skip to main content
By Jeremy KirkAugust 19, 2014 09:01 PM ET A study of 48,000 Chrome extensions uncovers ad fraud, data theft and other misdeeds. IDG News Service - An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.

The study, due to be presented Thursday at the Usenix Security Symposium in San Diego, forecasts growing security problems around extensions as cybercriminals tap into the rich data contained in Web browsers for profit.

They found 130 outright malicious extensions and 4,712 suspicious ones, engaged in a variety of affiliate fraud, credential theft, advertising fraud and social network abuse.

"By installing an extension, you will not see any malicious behavior," said Alexandros Kapravelos, a doctoral candidate at the University of California at Santa Barbara, in a phone interview. "You need to visit specific pages to trigger the malicious behavior."

 

ComputerWorld/ Full Article Here/ http://www.computerworld.com/s/article/9250498/Many_Chrome_browser_extensions_do_sneaky_things
      

The majority of extensions are not malicious, dangerous or privacy invading. The last years have seen a rise of an industry however that monetizes browser extensions.

Companies contact extension developers to either purchase successful extensions (based on users) outright, or broker a deal with the developer to include scripts used to monetize the extension or track users of it.

This seems to happen more on Chrome than on Firefox, and one of the reasons why that is the case is that Chrome extensions get updated automatically, often without the user even noticing that this happened.

So what can you do to prevent this from happening to you?

  http://www.ghacks.net/2014/10/05/precautions-to-take-before-installing-chrome-extensions/
good article Dermot7 this articles gets right to the core "check the source" of the third party extension and make sure its reputable or not, don't take for granite just because its offered by company's on their software.

Reply