Google Chrome Extensions With 32 Million Downloads Found to be Stealing User Data


Google Chrome extensions with 32 million collective downloads have found to be part of a spyware effort that has been stealing user data. Google was notified last month by researches about the malicious nature of these 106 extensions, after which it took them down from the Chrome Web Store.

The extensions disguised themselves as file convertors and some, ironically, alerted users for malicious websites. In reality, the extensions were stealing browsing history and user data. With 32 million downloads in total for these 106 extensions, it highlights important issues for Google that need to be resolved in order to protect user privacy and security when downloading extensions for Chrome.

PS Plus 50hz PAL Version Classics Get a “Fix” From Sony that Only Causes More Problems

Google spokesman Scott Westover told Reuters:

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,”

According to researchers at Awake Security, this was one of the biggest malware campaigns that hit Chrome Web Store so far. You can read the detailed report by Awake here, which traces back the malicious extensions to a domain registrar in Israel called Galcomm.

By exploiting the trust placed in it as a domain registrar, GalComm has enabled malicious activity that has been found across more than a hundred networks we’ve examined. Furthermore – the malicious activity has been able to stay hidden by bypassing multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity.

Google failed to detect any issues with the extensions, even though the company claims to do regular malware scans in the Store. In February 2020, in a similar incident, Chrome extensions stole data from 1.7 million users.

Back in 2018, the company had revamped how extensions work. One of the important changes back then was changes to the extension review process, as noted below:

  1. Changes to the extensions review process: Going forward, extensions that request powerful permissions will be subject to additional compliance review.

Somehow, it seems that extensions that have complete access to browsing history and other user data in Google Chrome are not considered 'powerful' enough to face compliance reviews.

MSI & Ubisoft to launch GeForce RTX 3080 SUPRIM X 10G LHR Assassin’s Creed Special Edition graphics card, limited to 300 units

Note that 2018 was full of malicious Chrome extensions that successfully compromised user data.

Now that we are in 2020, Google's failure to fix issues with malicious Chrome extensions continues to disappoint. Even though Google's model of allowing extensions in Chrome Web Store without review seems to work better and attracts more developers, it fails to provide adequate protection for user data.