In February of this year, Google removed over 500 malicious plugins from the Chrome store which stole data from nearly 1.7 million users.
While the tech giant announced it has since taken several steps to improve the browser's privacy and security protections, it is evident that malicious Chrome extensions remain a persistent threat.
On June 18th, researchers discovered a massive spying campaign impacting Google Chrome.
Extensions downloaded over 32 million times were exploited in a massive surveillance campaign impacting a wide range of sectors including financial services, healthcare, and government organizations.
"We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies," Google spokesperson Scott Westover said.
This is the most far-reaching attack on the Google Chrome store to date. Malicious actors have been exploiting the Chrome store over the last few years, and deceptive extensions only seem to be getting worse.
In 2018, 1 in 10 submissions were deemed "suspicious", according to Reuters. This prompted Google to provide better security in part by increasing human review of these applications.
At this time, it is unclear who was behind the attack.
Although Google has since removed the flagged browser extensions, you might ask, "How can I be confident this won't happen again?"
With that said, carrying out regular sweeps is simply not enough.
What Can a Browser Extension Do?
When you download a browser extension, it can:
Read your clipboard
Read your passwords by monitoring user keystrokes
Take screenshots of sensitive data
Harvest your password credentials
And much more
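The capabilities above correspond to permissions an extension declares in its manifest.json, so an installed extension can be reviewed before it is trusted. The following audit is an added example, not code from the original article: the permission strings are Chrome's, while the mapping to capabilities, the function names and the two sample manifests are constructed for illustration.

```python
import json

# Chrome permission names mapped to capabilities listed above (mapping is an assumption).
RISKY_PERMISSIONS = {
    "clipboardRead": "read the clipboard",
    "desktopCapture": "capture the screen",
    "tabCapture": "capture tab contents",
    "webRequest": "observe requests, including submitted credentials",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    findings = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    hosts = set(manifest.get("host_permissions", []))
    for perm in (p for p in declared if isinstance(p, str)):  # skip object entries
        if perm in RISKY_PERMISSIONS:
            findings.add(f"{perm}: {RISKY_PERMISSIONS[perm]}")
        elif perm in BROAD_HOSTS:
            hosts.add(perm)
    if hosts & BROAD_HOSTS:
        findings.add("all-site host access: screenshot the visible tab on any page")
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.add("all-site content script: read keystrokes and form fields")
    return sorted(findings)

# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = {
    "pdf-helper": json.dumps({
        "manifest_version": 2,
        "permissions": ["clipboardRead", "webRequest", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}],
    }),
    "dark-theme": json.dumps({
        "manifest_version": 3,
        "permissions": ["storage"],
        "host_permissions": ["https://example.com/*"],
    }),
}

def audit_all(manifests):
    """Map each extension name to its findings; an empty list means nothing flagged."""
    return {name: audit_manifest(json.loads(text)) for name, text in manifests.items()}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_MANIFESTS).items():
        print(name, found or "nothing flagged")
```

A finding here means the extension is able to do these things, not that it does; it marks which extensions deserve review before they are allowed to run.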
How Can MSPs and IT Security Teams Stay Protected?
By relying on Google, or any web browser provider for that matter, to improve privacy and security protections, you are putting your business at risk of a zero-day attack.
Malicious Chrome extensions bypass antivirus and other traditional endpoint security solutions. Therefore, you must stop them from running in the first place and implement a solution that protects you if one is exploited.