Security experts find millions of users running malware infected extensions from Google Chrome Web Store

Number of users with a benign, malware-containing, policy-violating, or vulnerable extension installed. The blue tick denotes the means and the red line the median. Credit: arXiv (2024). DOI: 10.48550/arxiv.2406.12710

A trio of security experts at Stanford University has found that millions of people are running an infected version of the Chrome web browser due to extensions installed from the Google Chrome Web Store (GCWS). Sheryl Hsu, Manda Tran and Aurore Fass have posted a paper to the arXiv preprint server describing their findings after studying thousands of extensions on GCWS.

To get the most out of web browsers, such as Google’s Chrome, users download extensions from popular extension sites. One of the most popular and well-known such sites is GCWS—it hosts extensions for the Chrome web browser that have been written by third-party programmers.

Two of the main problems with downloading and using extensions written by third parties are the uneven level of quality and the possibility of malware. In this new effort, the researchers have looked at the latter issue, and the scale of risk for people using extensions downloaded from GCWS.

The researchers took two approaches to determine how many of the thousands of extensions hosted on GCWS are what they describe as security-noteworthy extensions (SNEs)—those that violate GCWS policy or contain malware or vulnerable code.

The first involved analyzing data from past research efforts into security issues with Chrome web extensions. The second involved downloading all extensions (approximately 125,000) that were available on the site between July 2020 and February 2023 and then analyzing their code, looking for telltale signs of malware infection.

They also analyzed the site’s download history and the longevity of extensions on the site.

The research team found that approximately 346 million users had downloaded an SNE from GCWS during the two-year period under study—280 million of which involved SNEs with malware. They note that Google claims that less than 1% of extensions hosted by the store have malware—the company also claims to vet all extensions hosted on the site.

The researchers also found that SNEs differ widely in how long they are available on GCWS, from months to years, and that users very seldom report an extension as being problematic.

More information:
Sheryl Hsu et al, What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions, arXiv (2024). DOI: 10.48550/arxiv.2406.12710

© 2024 Science X Network

Security experts find millions of users running malware infected extensions from Google Chrome Web Store (2024, June 25)
retrieved 26 June 2024
