Chrome Web Store is again in the spotlight, and not for good reasons once again. Symantec researchers have recently discovered several browser extensions that somehow slipped past Google’s security checks. These were not hiding on sketchy websites; rather, they were sitting right on the official store but still managed to pull off some serious security violations.
Malicious Chrome extensions slip through Google’s net.
Here’s what the researchers have found: These malicious extensions go way beyond just being annoying. Yes, we are talking about grabbing whatever you copy to your clipboard and stealing your data. With this, they are enabling the remote attackers to control your browser. Some can even run malicious code right inside your Chrome browser for long-term harm, without you being aware of it.
Good tab extension: A privacy disaster waiting to happen
One of the worst offenders is something called Good Tab. And, believe it or not, you can still find it on the Chrome Web Store right now. Good Tab uses an insecure HTTP iframe that basically hands over your clipboard to a remote website—no warning, nothing. That means someone could easily swipe your passwords, grab private notes, or even swap out your crypto wallet address if you’re making a transaction. You could lose money without even realising it.
Other dangerous extensions you should know and remove immediately
Child Protection extension: This is not it, as the scammers are getting smarter with technology. There is a Child Protection extension (which thankfully seems to be gone now), which was basically a remote control for attackers.
The extension was capable of stealing your cookies, hijacking your logins, and running whatever JavaScript the attackers wanted—all from afar.
DPS Websafe: This one pretended to be trusted tools like Adblock Plus, but actually hijacked your search results, spied on your browsing and tricked you with fake branding.
Stock Informer: This extension is still up on the store and has a major security hole. Because it does not properly check messages, attackers can run harmful code on your machine from anywhere.
What do you need to do to protect your data in the Chrome browser?
First thing, if you have ever installed any of the above-mentioned extensions, then you need to delete them immediately, without giving a second thought. And in the coming time, you must not blindly trust any random extensions, even if they are on the official Chrome Web Store.
How to protect yourself?
You must make sure to only install extensions which you really need.
You must check and read permissions before adding anything to your extensions.
Keep checking your add-ons that you do not use or that look suspicious.