Latest news with #ChromeStore
Forbes
30-07-2025
- Forbes
Google Chrome Warning—‘Millions Of Users Have Data Stolen'
Be careful what you install. Google has issued an urgent warning for 2 billion Chrome users. A high-severity memory vulnerability could enable attackers to target users through the websites they visit. This has been fixed and all users should update and restart now. CVE-2025-8292 is a critical fix, but there's a much more dangerous threat to Chrome users that is hidden from sight. And so while all desktop users must ensure they move to version 138.0.7204.183/.184 of the browser, that's not enough to stay safe. This threat that should worry you more comes from extensions that might appear to be officially verified, but which have been designed or hijacked to attack your device. 'Millions of users have their data stolen,' SquareX's Vivek Ramachandran told me, as the extension-focused security team released its latest threat report. The alarming reality, he says, is that security tools do not have 'visibility into the dynamic behavior of extensions at run time to protect users against the rising threat vector' The past few years, SquareX says, 'have witnessed a surge in malicious browser extensions, including the Geco Colorpick, Cyberhaven and the Great Suspender. These malicious extensions exfiltrate data, steal session cookies, spread spyware and even hijack browser sessions of victims.' This includes extensions that were dangerous from the get-go, but also 'benign extensions that turned malicious — either due to a compromise or change in ownership — exploiting trusted extensions with a wide existing installed base.' 'Most enterprises still rely on extension store labels like 'Verified' and 'Chrome Featured' to determine its security,' Ramachandran says. 'This research showed that this is approach is extremely flawed as it turns out browser vendors and enterprises do not have sufficient tools to conduct extension analysis.' This latest extension warning from SquareX echoes prior reports that focus on the hidden threats from extensions now installed by most users without any of the checks and balances applied to the browser itself. In a world of increasing AI threats, including the use of marauding browser AI agents, this is a huge risk. 'The majority of extensions today are downloaded and installed from official stores like Chrome Store,' SquareX says. But store badges 'can be easily gamified by attackers with fake reviews and mass downloads. As a result, numerous Verified and Chrome Featured Extensions have been discovered as malicious, including the latest disclosure.' Extensions are often given free rein on devices and can operate with a user's credentials, which is a gift to attacks. 'It is important to first understand the 'superpowers' unique to browser extensions,' Square X warns, including: All told, while updating and restarting Chrome is critical, it could very well be that the real threat to your browser and the data it accesses is hidden from view and constantly working against you. You really do need to be careful what you install.
Forbes
04-06-2025
- General
- Forbes
Delete All Google Chrome Extensions That Are On This List
Delete this threat immediately. NurPhoto via Getty Images Chrome warnings are again in the news this week, with Google confirming active attacks and issuing an emergency update for 3 billion users. The company also confirmed it had mitigated this threat by silently pushing out a config change to all users last week. Now a new warning from the team at LayerX has outed a silent threat of a very different kind. A 'network of malicious sleeper agent extensions" that seem 'to have all been developed by the same person or group, waiting for their 'marching order' to execute malicious code on unsuspecting users' computers.' LayerX joined the dots and flagged these specific extensions based on common code patterns, the same remote code execution to frustrate detection, and leveraging known malicious domains to carry out attacks. 'Capabilities that do not appear to have any legitimate use in relation to the supposed function of the extensions.' Thus far, four extensions have made this new naughty list — all of which 'seem to be focused on in-browser sound management' and all of which 'try to demonstrate legitimate functionality.' Critically, LayerX also warns that it is 'currently investigating several additional extensions that appear to be linked to this campaign.' This is the initial list of extensions to delete: As with other extension warnings seen in recent months, all those flagged by LayerX 'are still currently available on the Chrome Store.' I have reached out to Google for its view on these extensions and whether they will remain available on its store. It seems at least some of the extensions should have been removed already — clearly a requirement for tighter restrictions before extensions are made available to users. 'The extension 'Examine source code of Volume Max — Ultimate Sound Booster', with over one million downloads, has already been flagged by several [security] vendors. However, it was not removed from the Chrome Web Store.' While you should delete these extensions, they have been dubbed 'sleepers' because no malicious activity is yet underway. This is the threat potential given commonalities despite seemingly different developers, and those links to malicious domains. 'This type of 'sleeper' extension network,' LayerX warns, 'can serve as a substitute for traditional botnets. While building up botnets (usually on exposed IoT devices) can be slow, technically complex, and cumbersome, developing a network of malicious browser extensions is much simpler, and can provide direct access to key user identity information such as cookies, passwords, browsing data, and browsing content.' As users have been warned multiple times recently, extensions are a huge vulnerability when it comes to Chrome. A vast number of its users install at least one extension, both at home and at work, yet 'anyone can upload an extension, and it's virtually impossible to trace back the people behind these extensions.'
