In response to reports that the Chrome Web Store has experienced a wave of fraudulent transactions prompting a temporary suspension or updating of any commercial Chrome extensions on the official Chrome Web Store, security experts commented below.
In response to reports that the Chrome Web Store has experienced a wave of fraudulent transactions prompting a temporary suspension or updating of any commercial Chrome extensions on the official Chrome Web Store, security experts commented below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Browser extensions are like a third-party plugin, not created by the original manufacturer, but designed to enhance the functionality of the user\’s experience. While it\’s unknown what is happening at Google and its actions, it must be a serious issue. Speculation from my experience would be one of fraud, where the criminals have infiltrated the Chrome store and inserted malicious code to steal personal identifiable information (PII), along with credit card information.
Organizations need to be aware of browser extensions used within their environments because like any other product within their supply chain, they need to be fully aware of any risks or vulnerabilities that the product delivers. Vendor companies like Chrome or Microsoft will deliver updates on a regular basis to address vulnerabilities for their product, however, it\’s the developers of the browser extensions who may not have a rigorous update program, which could leave organizations vulnerable to unknown risks.