Millions of people are using compromised Google Chrome browsers due to malware-infected extensions, Stanford researchers find
Jun 26, 2024, 11:33 IST
Downloading extensions from portals like the Google Chrome Web Store (GCWS) has become second nature for web users seeking to enhance their browsing experience. From catching grammar slips and crafting to-do lists, to sniffing out discount codes and blocking advertisements, these extensions can do it all.
But now, the GCWS—known for its extensive repository of third-party Chrome extensions—finds itself at the centre of a troubling discovery.
A study by Stanford University security experts Sheryl Hsu, Manda Tran and Aurore Fass has revealed that millions of users are unknowingly running compromised versions of the Google Chrome browser. The reason behind this security breach? Malware-infected extensions.
Despite their popularity, third-party extensions come with inherent risks. Issues like varying quality levels and potential malware threats are always a concern. The Stanford research team focused on the latter, investigating the extent of malware risk in extensions available on GCWS.
Their methodology was twofold. First, they examined historical data from previous research on Chrome web extensions' security vulnerabilities.
Next, they embarked on a massive analysis. They downloaded and scrutinised the code of approximately 1,25,000 extensions available on GCWS from July 2020 to February 2023, searching for security-noteworthy extensions (SNEs). These are extensions that either violate GCWS policies or contain malware or vulnerable code.
The analysis uncovered alarming results. Around 346 million users had downloaded SNEs from GCWS during the two-year period. A staggering 280 million of these downloads involved extensions with malware.
Furthermore, the research highlighted the variability in how long SNEs remain on GCWS—ranging from a few months to several years—suggesting that problematic extensions often fly under the radar for extended periods. User reports of problematic extensions are infrequent, further exacerbating the issue.
This stands in stark contrast to Google's assertion that less than 1% of extensions hosted on GCWS contain malware. Despite Google’s claims of thorough vetting procedures, the study’s findings indicate a significant gap between policy and practice in ensuring user safety on the GCWS.
The findings were recently posted on the arXiv preprint server and can be accessed here.
Advertisement
But now, the GCWS—known for its extensive repository of third-party Chrome extensions—finds itself at the centre of a troubling discovery.
A study by Stanford University security experts Sheryl Hsu, Manda Tran and Aurore Fass has revealed that millions of users are unknowingly running compromised versions of the Google Chrome browser. The reason behind this security breach? Malware-infected extensions.
The extension tension
Despite their popularity, third-party extensions come with inherent risks. Issues like varying quality levels and potential malware threats are always a concern. The Stanford research team focused on the latter, investigating the extent of malware risk in extensions available on GCWS.
Their methodology was twofold. First, they examined historical data from previous research on Chrome web extensions' security vulnerabilities.
Advertisement
The analysis uncovered alarming results. Around 346 million users had downloaded SNEs from GCWS during the two-year period. A staggering 280 million of these downloads involved extensions with malware.
Furthermore, the research highlighted the variability in how long SNEs remain on GCWS—ranging from a few months to several years—suggesting that problematic extensions often fly under the radar for extended periods. User reports of problematic extensions are infrequent, further exacerbating the issue.
This stands in stark contrast to Google's assertion that less than 1% of extensions hosted on GCWS contain malware. Despite Google’s claims of thorough vetting procedures, the study’s findings indicate a significant gap between policy and practice in ensuring user safety on the GCWS.
The findings were recently posted on the arXiv preprint server and can be accessed here.