Millions at Risk: Chrome Extensions Compromised by Hacking Campaign

Your web browser is an ecosystem of its own. It stores your passwords, search history, financial details like credit card numbers, addresses, and more. Just like how malicious apps and services can compromise data on your phone or PC, malicious extensions can expose the data stored in your browser. There are a ton of extensions out there that do more harm than good. In fact, security researchers have just found a dangerous new campaign that is going after browser extensions. So far, around 36 extensions have been compromised, putting over 2.6 million Chrome users at risk of having their browsing data and account credentials exposed.

Hackers are exploiting browser extensions as a gateway to steal sensitive user data through various methods. According to security researchers, the compromised extensions put over 2.6 million users at risk of data exposure and credential theft. One common attack involves phishing campaigns targeting the publishers of legitimate extensions on platforms like the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious applications, which then insert harmful code into popular extensions. This code can steal cookies, access tokens, and other user data.

The first company to shed light on the campaign was the cybersecurity firm Cyberhaven, whose employee was targeted by a phishing attack on December 24. This attack allowed the threat actors to publish a malicious version of the company's extension. Once these malicious extensions are published and pass the Chrome Web Store’s security review, they become available to millions of users, putting them at risk of data theft. Attackers can use these extensions to exfiltrate browsing data, monitor user activity, and even bypass security measures such as two-factor authentication.

In some cases, developers themselves may unknowingly include data-gathering code as part of a monetization software development kit, which stealthily exfiltrates detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or an intentional inclusion by the developer. In response, the browser extension security platform Secure Annex launched its own investigation. It has uncovered over twenty additional compromised extensions, which are listed below.

If you have any of the compromised extensions listed in Secure Annex’s investigation installed on your browser, it’s essential to remove them immediately to protect your data. The list includes the following: AI Assistant – ChatGPT and Gemini for Chrome, Bard AI Chat Extension, GPT 4 Summary with OpenAI, and many more. Keeping these extensions installed is a serious risk since hackers can still access your data even if the malicious version has been taken down from the Chrome Web Store.

Secure Annex is still investigating and has shared a public Google Sheet with details about the malicious extensions it has found so far, like whether they’ve been updated or removed. They’re also adding new extensions to the list as they discover them.

If you identify that you have installed any of the above-mentioned extensions on your browser, it is crucial to remove them as soon as possible. Removing these compromised extensions is a straightforward process. Below are the steps you should follow:

  1. Open Chrome and click the icon that looks like a piece of a puzzle. You’ll find it in the top-right corner of the browser.
  2. You can now see all the active extensions. Click the three dots icon next to the extension you want to remove and select Remove from Chrome.
  3. Click Remove to confirm.

By following these steps, you ensure that the malicious extension is completely eradicated from your browser, thus protecting your data from potential theft.

Verify emails and links before clicking

To stay safe from such malicious software and potential breaches, it is crucial to adopt proactive measures. Firstly, verify emails and links before clicking. Many attacks begin with phishing emails that impersonate trusted entities like Google Chrome Web Store Developer Support. These emails often create a false sense of urgency, urging you to click on malicious links. Always verify the sender’s email address and avoid clicking on links without double-checking their authenticity. When in doubt, go directly to the official website rather than using a provided link.

Additionally, using strong antivirus software is another essential line of defense against malicious software. These tools can detect and block malicious code embedded in browser extensions. The best way to safeguard yourself from malicious links that install malware is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Regular audits and updates to your browser and extensions are also vital steps in ensuring ongoing security.

Use strong antivirus software

Having robust antivirus software is an essential component in the fight against malicious software. These tools not only detect and block malicious code but can also analyze extension behavior to identify potential threats. Ensuring that your devices—whether they are Windows, Mac, Android, or iOS—are equipped with such software adds a significant layer of protection against new and evolving threats.

Many antivirus products offer real-time protection, which can alert you to malicious activity as it happens, and proactive scanning, which can root out malware before it becomes a problem. Keep your antivirus software updated to ensure it can defend against the latest threats. Additionally, some antivirus solutions also offer features that help manage browser extensions, further reducing the risk of a malicious extension compromising your data.

Limit extension permissions

Equally important is managing the permissions granted to each browser extension. Some extensions may request access to sensitive data like browsing history, cookies, or even account information. It is crucial to review what each extension asks for and deny permissions that seem unnecessary or excessive. Whenever possible, opt for extensions with limited access to ensure your data remains protected. This cautious approach can significantly reduce the risk posed by compromised extensions.

By controlling the permissions assigned to each extension, you minimize the opportunities for malicious actors to exploit these tools to gather unauthorized data. This proactive measure, coupled with regular audits of your installed extensions, forms a strong defense against potential threats.
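The permission review and regular audit described above can be scripted. The following is an added example, not code from the article or from Secure Annex: it reads each installed extension's `manifest.json` from a Chrome profile's `Extensions` folder and reports those requesting sensitive APIs or access to all sites. The watch list, the function names and the sample extensions are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

# Watch list chosen for this example (an assumption, not an official ranking).
SENSITIVE = {"cookies", "history", "tabs", "webRequest", "scripting",
             "identity", "clipboardRead"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> dict:
    """Return the sensitive API permissions and all-sites host access requested."""
    requested = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return {"name": manifest.get("name", "?"), "sensitive": sorted(requested & SENSITIVE),
            "broad_hosts": sorted(requested & BROAD_HOSTS)}

def audit_profile(extensions_dir: Path) -> dict:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions dir."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, json.JSONDecodeError):
            continue  # skip unreadable or malformed manifests
        finding = audit_manifest(manifest)
        if finding["sensitive"] or finding["broad_hosts"]:
            report[path.parts[-3]] = finding  # keyed by extension ID (folder name)
    return report

def build_sample_profile(root: Path) -> Path:
    """Write two constructed manifests (placeholder IDs) in Chrome's on-disk layout."""
    samples = {
        "sample-id-broad": {"name": "Sample AI helper", "host_permissions": ["<all_urls>"],
                            "permissions": ["cookies", "storage", "tabs"]},
        "sample-id-narrow": {"name": "Sample notes", "permissions": ["storage"],
                             "host_permissions": ["https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        target = root / ext_id / "1.0_0"
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit_profile(build_sample_profile(Path(tmp))), indent=2))
```

To audit a real profile, pass its `Extensions` folder to `audit_profile`, for example `~/.config/google-chrome/Default/Extensions` on Linux. A flagged extension is not necessarily malicious; the report shows which ones would expose the most data if they were compromised.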

Maintaining an up-to-date browser is also a critical part of your security strategy. Browser updates frequently include patches for security vulnerabilities that could be exploited by hackers. Ensuring your browser is always updated can block many attacks before they happen.

Keep your browser updated

Staying vigilant and maintaining an up-to-date browser are essential steps in protecting against potential threats posed by compromised extensions. Updates often include critical security patches that guard against vulnerabilities that could be targeted by malicious software. Using an outdated browser increases the risk of being attacked by threats that could be mitigated by simple updates. Enabling automatic updates ensures that your browser is always protected with the latest security measures in place.

Auditing your installed extensions regularly and removing those that are no longer needed or deemed unsafe helps maintain a secure browsing environment. Reporting suspicious extensions to the official marketplace can also aid in maintaining overall security within the platform, assisting both developers and users in staying protected from potential threats. Lastly, staying informed about cybersecurity trends and potential risks empowers you to make more informed decisions about the tools and extensions you use.

Conclusion

Your web browser is like its own separate ecosystem, holding various personal and sensitive information such as your passwords, search history, credit card numbers, and addresses. Much like how harmful apps and services can threaten your phone or computer, dangerous browser extensions can jeopardize the data stored in your browser. There are numerous extensions available, many of which cause more problems than benefits. Recently, security researchers have identified a new, dangerous campaign targeting browser extensions. To date, approximately 36 different extensions have been compromised, putting the browsing data and account credentials of over 2.6 million Chrome users at risk.

Just like malware on your devices, these malicious extensions can infiltrate your browser and extract personal information. This can lead to serious issues such as identity theft, unauthorized access to accounts, and financial loss. The convenience of storing sensitive data in your browser becomes a double-edged sword, as it also presents a lucrative target for cybercriminals. Users need to be vigilant about the extensions they install, ensuring they come from reputable sources and have positive reviews. Regularly updating your browser and removing unnecessary or suspicious extensions can also help safeguard your data. As cyber threats continue to grow and evolve, staying informed and proactive about your digital security is more crucial than ever.
