A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The discovery of these malicious Chrome browser extensions underscore the need for users to exercise caution when downloading and installing extensions. Users should stick to using only extensions provided by reputable firms that have a past record of respecting the privacy of users.
That said, this also underscores the laxity Google has shown in both its Chrome Web Store and its Google Play Android app store to allow spyware, malware and other malicious apps and extensions to slip through its review, measures that are designed to prevent incidents such as this.