Top Mathematics discussions
NishMath
Aman Mishra@gbhackers.com - 3d
A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which include functionalities like screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud. GitLab's security team discovered these extensions on the official Google Web Store and were used to insert ads and manipulate search engine results.
The malicious extensions operate by checking in with unique configuration servers, transmitting extension versions and hardcoded IDs, and storing configuration data locally. They also create alarms to refresh this data periodically and degrade browser security by stripping Content Security Policy (CSP) protections. Following the discovery, Google was notified, and all identified extensions have been removed from the Chrome Web Store. However, users must manually uninstall these extensions as removal from the store does not trigger automatic uninstalls.
ImgSrc: blogger.googleu
References :
The malicious extensions operate by checking in with unique configuration servers, transmitting extension versions and hardcoded IDs, and storing configuration data locally. They also create alarms to refresh this data periodically and degrade browser security by stripping Content Security Policy (CSP) protections. Following the discovery, Google was notified, and all identified extensions have been removed from the Chrome Web Store. However, users must manually uninstall these extensions as removal from the store does not trigger automatic uninstalls.
ImgSrc: blogger.googleu
Share:
References :
- bsky.app: GitLab's security team has discovered a cluster of 16 malicious Chrome extensions on the official Google Web Store. The extensions were used to insert ads and manipulate search engine results. Over 3.2 million users downloaded the extensions
- gbhackers.com: A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which include functionalities like screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud.
- Cyber Security News: Chrome Under Siege: 16 Malicious Extensions Infect Over 3.2 Million Users
- thecyberexpress.com: Remove These Extensions Now! Hackers Hijack Google Chrome Add-ons for Fraud
Classification:
- HashTags: #Chrome #Malware #BrowserSecurity
- Company: Google
- Target: Chrome Users
- Product: Chrome
- Feature: browser extension
- Malware: Malicious Chrome Extensions
- Type: Malware
- Severity: Medium