Google has pulled hundreds of extensions for its hugely-popular Chrome browser after security researchers exposed a malware operation designed to inject malicious adverts while users browsed the web. Networking firm Cisco unearthed the 500 nefarious add-ons for the Chrome browser.
The US company’s Duo Security team shared their findings with technology blog ZDNet. The code included in these extensions will sometimes load-up affiliate links to popular retail websites like Best Buy and Dell, as well as malware downloads and phishing pages designed to steal your information.
According to the report from the researchers, the malware-laced extensions are part of a larger effort which has been in up-and-running for at least two years. It’s believed the bad actors behind the code targeted at Chrome users may have been active since the early 2010s.
Most worrying of all, the Duo Security team now believe that as many as 1.7 million Chrome users might have been impacted by the extension network. After it was informed about the organised network in its Chrome Web Store, Google conducted its own security sweep and unearthed hundreds more malicious extensions.
It’s currently unknown how many installations each of the 500-plus Chrome plug-ins had clocked-up each before they were pulled from the Web Store.
The research from the Duo serves as a reminder that Google is fighting a number of ongoing malware issues. The Mountain View-based company recently celebrated a number of victories against malware targeted at smartphone and tablet owners running its Android operating system. Google has prevented billions of malicious app installs for these users …not to mention dramatically reducing the number of apps siphoning unnecessary data from users’ devices.
READ MORE
Google Chrome’s important new update is here and could speed-up your PC instantly
However, there is clearly still work to be done with its Chrome browser, which is used by 69 percent of all desktop internet users worldwide.
Thankfully, even if you did install one of these nefarious extensions, Google has disabled the add-on remotely. So, it shouldn’t pose any more threat to your machine or your data.
Google has also added a “malicious” label to the add-on, so you’ll know to delete it and not reactive the extension. To find the extensions installed in your Chrome web browser, launch Chrome on your computer. At the top right, click More and then More Tools and then Extensions.
MORE LIKE THIS
Google Chrome block: All-new update will protect you from dangerous downloads
This is the menu where you can toggle Extensions on/off. If you find one an add-on with the “malicious” label, you should remove it immediately.
If you’re looking for an index of all the malicious extensions to check whether you’ve ever had one of these installed on your machine, you can find a complete breakdown of the add-ons here.
The Duo team recommends you regularly audit the extensions you have installed, delete ones you don’t use, and flag any ones that you don’t recognise. Some of the best antivirus apps available right now will also detect and de-fang malicious browser extension.