Google Chrome is currently plagued by at least half a dozen malicious extensions that security researchers have spotted over the last couple of months in the browser’s web store, recent reports indicate. How the malicious plugins bypassed the web browser’s automated security screening process could not be immediately clear, and there are no quick solutions to the problem yet.
The malicious Chrome extensions were discovered in the wild at different times. For instance, one malware-riddled extension is disguised as a tool for verifying user age in order to view adult content on the internet. In reality, the extension was designed to steal social media authentication tokens so that once a user logs in to a particular social networking site that has been loaded with the malicious extension, attackers can take over your social media account. Other forms of malicious plugins that had been found in Chrome have carried out other harmful activities such as loading adware into the browser to lure victims into visiting a dubious website, as well as mining cryptocurrencies in your browser under the pretext of protecting your browser from malware. Google has yet to comment on these and other findings about malicious extensions detected in its web browser, and it is not immediately known when the search giant plans to address these issues.
Chrome has been beset by earlier malicious attacks despite efforts by the Mountain View, California-based internet giant to make the browser more secure than ever before. Last month, Google announced the Chrome Cleanup feature designed to protect users of the browser from a wide variety of malicious attacks such as hijacking, suspicious tools and malvertising (a form of malicious activity that misleads internet users through ads), among others. The overall goal of the new feature was to keep the browser away from harmful add-ons and other malware. In 2013, Google also announced that it was working on a tool to automatically flag and block malware, courtesy of Chrome Canary, the bleeding edge version of Chrome. It may come as a bit of a surprise, then, to see so many malicious extensions getting past the security measures integrated into Google Chrome.