Google bans 200 dodgy extensions for data snooping

Research reveals Chrome add-ons are stealing user data

Google has yanked 200 extensions from the Chrome store, after they were revealed to be stealing sensitive data from millions of users. 

The move follows two reports about browser extensions, the small, often free tools that can be installed in Chrome and Firefox to add specific features.

The first report was from the University of California at Santa Barbara, which worked alongside Google to measure the extent of the problem, analysing more than 100 million visits to Google's pages.

The research found that 5 per cent of people visiting a Google page have at least one malicious extension, and most of those affected have multiple dodgy add-ons.

Researcher Alexandros Kapravelos said the problem is hard to fix because malicious extensions use the same techniques to collect data as legitimate tools. 

"Even when we have a complete understanding of what the extension is doing, sometimes it is not clear if that behaviour is malicious or not," he told the BBC. "You would expect that an extension that injects or replaces advertisements is malicious, but then you have AdBlock that creates an ad-free browsing experience and is technically very similar."

Indeed, the extension that's the focus of the second report denies it's acting maliciously. Web firm ScrapeSentry analysed Chrome extension Webpage Screenshot, finding it collects data from users and sends it to a server in the US.

While the purpose of the tool is, as the name suggests, to take screenshots of webpages, the extension also copies all your browsing data, sending it to an IP address registered in the US. 

"The repercussions of this could be quite major for the individuals who have downloaded the extension," said ScrapeSentry security analyst Cristian Mariolini. "What happens to the personal data and the motives for wanting it sent to the US server is anyone's guess, but ScrapeSentry would take an educated guess it's not going to be good news. And of course, if it's not stopped, the plugin may, at any given time, be updated with new malicious functionality as well."

However, a spokesperson for Webpage Screenshot told the BBC that the data wasn't gathered for malicious reasons, but to understand who was using the extension.

Google doesn't appear to believe full browsing history is required for that, and the extension has been removed from its Chrome Web Store.
