Security insights from ThreatLocker
Unfortunately, the dangers are far worse than you might consider. Last month, Google removed over 500 malicious plugins from the Chrome Store.
The behavior of these extensions ranged from annoying popups to injecting malicious code into legitimate websites. Users are easily tricked into believing that they are submitting data to an authentic site such as Macy's or Best Buy, while all along, the extension was harvesting their data.
The average computer user is often under the impression that information entered into an HTTPS site is safe from prying eyes. Unfortunately, SSL does not protect from data theft before transmission. Chrome extensions run on the client and can read or write data before the read is encrypted. Those who use legitimate extensions like LastPass are familiar with the prompt to save a password into the password manager when logging into their favorite shopping site. The fact that password managers can save this data proves that these extensions have the ability to read passwords in the first place. While LastPass is a credible company, not all extensions are.
Chrome extensions also have the ability to call on other applications directly from the extension. While the extension itself may not have access to your documents, these extensions can call on other Windows applications and weaponize those applications to access or encrypt your files. For example, an extension could call a command prompt and pass in commands to encrypt files or even spawn other applications.
The first step in stopping Chrome extensions from being weaponized and used against you is to stop them from running in the first place. It really is that simple! If it is not running, it cannot steal your data.
ThreatLocker has developed a built-in out of the box solution that simplifies this even more. Not only can you control chrome extensions, but you can control any applications that have the ability to run on your endpoints.
Another step you should be taking to protect yourself is to Ringfence Google Chrome and other similar applications to make sure they cannot interact with Command Prompt, PowerShell, or other system tools that can be weaponized against you. There is no reason that Google Chrome needs to access these tools. By blocking them, you can stop an attack from leaving the browser.
If you would like to learn more about how ThreatLocker can help stop fileless and zero-day attacks, please schedule a demo with a support specialist through the following link: https://www.calendly.com/threatlocker/demo