Google Chrome fans are being put on alert after an extension from the Chrome Web Store was found to have an extension that could compromise their laptop.
Google Chrome is without a doubt the most popular internet browser in the world right now.
Latest NetMarketShare stats for the first two months of 2018 give the search engine giant’s browser a huge 61.01 per cent market share.
Its nearest challenger is Microsoft’s Internet Explorer with a 12.42 per cent chunk of the market, followed by Firefox on 10.89 per cent.
Whereas Microsoft’s newer Edge browser, which is the default choice on Windows 10, lags behind on 4.53 per cent.
These stats underline how Chrome’s crown as the world’s most popular internet browser is undisputed.
And fans of Google Chrome have been put on alert after security experts discovered an exploit in an extension on the Chrome Web Store.
Cyber security firm Check Point uncovered the issue with the Chrome Remote Desktop extension.
One of their analysts noticed “unexpected behaviour” when the Google Chrome Remote Desktop Application was running on macOS.
In a blog post, Check Point explained how the bug could let a user log in as a guest but still gain administrator privileges.
They said: “One of our security analysts recently noticed an unexpected behaviour in Google Chrome Remote Desktop Application on macOS.
“The strange behaviour allows, in some cases, a ‘Guest user’ to login as Guest and yet receive an active session of another user (such as administrator) without entering a password.
“Check Point Research reported this bug to Google on 15th February 2018. Google responded that from a CRD (Chrome Remote Desktop) perspective, the login screen is not a security boundary.
“As we see it this is a security issue and believe users should be alert to the risk of letting a guest remotely access their machine.”
The ‘guest user’ feature is not enabled by default on macOS, so the Chrome exploit will not affect Mac users who are yet to set this feature live.
Express.co.uk has contacted Google for comment.
In other Google Chrome news, Express.co.uk recently revealed how security experts discovered four malicious extensions.
Researchers from security firm ICEBRG uncovered the malicious extensions which were downloaded in total more than 500,000 times.
ICEBRG stumbled upon the security risk after detecting a suspicious spike in outbound traffic from a customer’s workstation.
They discovered it was caused by a Google Chrome extension called HTTP Request Header which used infected machines to visit advertising links.
ICEBRG later found three other Chrome extensions — Nyoogle, Stickies, and Lite Bookmarks — did very similar things.
Researchers from ICEBRG believe the extensions were part of a click-fraud scam.
These cons imitate the process of a user clicking on a link for an advert without the victim’s knowledge.
ICEBRG added, however, that these Google Chrome add-ons also had the potential to spy on unsuspecting people.
In their report, the security firm said: “In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed.
“In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks.”
The four offending Chrome extensions have now been removed from the Chrome store after ICEBRG reported its findings privately to Google.