Researchers at the 23rd annual USENIX Security Symposium in San Diego revealed that although Google Chrome is the preferred browser for many, its extensions can pose a serious threat to users.
Through the analysis of more than 48,000 extensions from the Google Chrome web store, the group of researchers was able to detect 130 malicious extensions, including one with 5.5 million affected users. In addition, the researchers identified 4,712 “suspicious” extensions, most of which still remain available on the Google Chrome web store.
“Reports have documented not only malicious extensions, but miscreants purchasing extensions (and thereby access to their userbases via update mechanisms) to add malicious functionality,” read the paper.
The researchers found that these malicious or suspicious extensions exhibit several types of malicious behavior, including affiliate fraud, credential theft, ad injection or replacement, and social network abuse. According to the report, in another case an extension performing ad replacement had nearly 2 million users.
To detect the insecure extensions, the researchers used a tool called Hulk – a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and the corresponding network activity.
“First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extension’s expectations in web page structure and content,” they reported. “Second, Hulk employs a fuzzer to drive the numerous event handles that modern extensions heavily rely upon.”
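The HoneyPage idea quoted above can be pictured with a simplified sketch, added here as an illustration (it is not Hulk's code and not taken from the paper): a document stub that synthesizes whatever element a script asks for and records every lookup and write. All function names and the sample content script are constructed for this example.

```javascript
// Simplified HoneyPage-style document stub (illustrative; not Hulk's code).
// Elements are synthesized on demand so a script probing for specific page
// structure always finds it, and every probe and write is recorded.
function createHoneyPage() {
  const log = [];              // ordered record of what the script did
  const elements = new Map();  // selector -> synthesized element

  function synthesize(selector) {
    if (!elements.has(selector)) {
      // The Proxy records every property write made on the element.
      const el = new Proxy({}, {
        set(target, prop, value) {
          log.push({ op: 'write', selector, prop: String(prop), value: String(value) });
          target[prop] = value;
          return true;
        },
      });
      elements.set(selector, el);
    }
    return elements.get(selector);
  }

  const document = {
    getElementById(id) {
      log.push({ op: 'query', selector: '#' + id });
      return synthesize('#' + id);
    },
    querySelector(selector) {
      log.push({ op: 'query', selector });
      return synthesize(selector);
    },
  };
  return { document, log };
}

// Constructed sample standing in for an extension content script that
// rewrites an ad slot only when the page contains one.
function sampleContentScript(document) {
  const slot = document.getElementById('ad-slot');
  if (slot) slot.src = 'https://ads.example.invalid/banner';
}

// Run a script against a fresh honey page and return the recorded behavior.
function analyze(script) {
  const page = createHoneyPage();
  script(page.document);
  return page.log;
}

// A static empty page answers null to every lookup, so the script stays silent.
const staticPage = { getElementById: () => null, querySelector: () => null };
```

Running `analyze(sampleContentScript)` yields the lookup for `#ad-slot` followed by the `src` write, while the same script run against `staticPage` produces no observable activity.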
The group of researchers warned, “Malicious browser extensions have become a new threat, as criminals realize the potential to monetize a victim’s web browsing session and readily access web-related content and private data.”
Tyler Reguly, security researcher and member of Tripwire’s Vulnerability and Exposure Research Team (VERT), commented, “Google Chrome plugins are, in many ways, like Android applications. They require excessive permissions without giving the end user any real understanding of what they are doing. In both cases, Google Chrome and Android, the issue lies with Google.”
“Given all the places where Google strives to excel at security and privacy, it’s surprising that they are so lax when it comes to access controls and permissions,” said Reguly. “It’s a place where Google could definitely stand to step up and improve the current situation, but given the impact that could have on users of current Chrome Extensions, you have to wonder if they are willing to sacrifice convenience for security.”
The group of researchers proposed several recommendations to make Chrome’s extension ecosystem safer for users, such as preventing extensions from manipulating HTTPS requests and encouraging local inclusion of static files.