The compromised extensions were downloaded 500,000 times. Experts believe that the recent incident is proof that even some of the most security-conscious browsers in the world can be easily compromised.
The flaws were spotted by a cybersecurity team at ICEBERG when they stumbled upon a suspiciously high traffic volume coming from one of their customers’ workstations.
After analyzing the abrupt shifts in the traffic, they found that an extension in that customer’s Chrome browser was to blame. They found that the HTTP Request Header extension spread a virus that prompted computers to access specific ad links behind users’ backs.
Three More Chrome Extensions Flagged As Malicious
ICEBERG researchers reported that they found an “unusual spike in outbound traffic volume” coming from one of their customers’ computers to a European VPS provider before learning that three other Chrome extensions acted like malicious pieces of software.
The other malicious extensions are Lite Bookmarks, Nyoogle, and Stickies, which acted just like HTTP Request Header. Researchers believe that the four extensions were used by hackers for quick per-click ad revenue. However, the scammers could also have used the vulnerabilities to gain access to users’ personal and financial data.
The cybersecurity experts concluded that the scam was possible due to the public’s general trust in third-party extensions for the Chrome browser. If the campaign had been orchestrated by professionals, the vulnerabilities could have been used to compromise entire computer networks, researchers noted.
The team contacted Google to report the findings. The extensions were immediately removed from Chrome. You can read the full report on the ICEBERG team’s findings on the company’s blog.