In a major cleanup effort, Google has taken swift action by removing 32 malicious extensions from the Chrome Web Store, which collectively had a staggering download count of 75 million.
These extensions had the potential to manipulate search results and inundate users with spam or unwanted advertisements, according to a report by Bleeping Computer.
A picture taken on November 8, 2021 in Moscow shows the US multinational technology and Internet-related services company Google's logo on a smartphone screen. - A Moscow court on November 8 ordered fresh fines for US tech giant Google and Russian-founded encrypted messaging service Telegram, accusing the companies of not removing illegal content.
Startling Discovery
During an analysis of the PDF Toolbox extension, cybersecurity researcher Wladimir Palant made a startling discovery.
Disguised as a legitimate extension API wrapper, the code within the extension allowed the domain "serasearchtop[.]com" to inject arbitrary JavaScript code into any visited website.
The potential consequences of such actions ranged from injecting ads into webpages to potentially compromising sensitive information. Although no explicit evidence of malicious activity was observed, the true intentions behind the code remained shrouded in mystery.
Palant's investigation took a disconcerting turn when he found the same suspicious code present in 18 other Chrome extensions, with a collective download count of 55 million.
Notable extensions affected by this issue included popular ones such as Autoskip for Youtube, Soundboost, Crystal Ad Block, Brisk VPN, Clipboard Helper, and Maxi Refresher. Despite Palant's efforts to report these concerning extensions to Google, they continued to be available for download on the Chrome Web Store.
Further analysis by Palant unveiled two variants of the code, one posing as Mozilla's WebExtension browser API Polyfill, and the other masquerading as the Day.js library. But both versions employed the same method of injecting arbitrary JavaScript code through serasearchtop[.]com.
Although Palant did not personally witness any explicit malicious activity, numerous user reports and reviews on the Chrome Web Store suggested that these extensions were responsible for unwanted redirections and search result hijacking.
Avast's Investigation
Despite warnings, Google had not acted to remove these extensions until cybersecurity firm Avast stepped in.
Avast conducted a thorough investigation and confirmed the malicious nature of these extensions. They promptly reported the findings to Google, expanding the list to encompass a total of 32 entries, which collectively accounted for 75 million installations.
According to Avast's assessment, these seemingly innocuous extensions were, in fact, adware that surreptitiously manipulated search results to showcase sponsored links and paid outcomes.
Furthermore, in certain instances, these extensions even facilitated the dissemination of malicious links.
Following the report from Avast, a Google spokesperson confirmed that the reported extensions had been promptly removed from the Chrome Web Store. Emphasizing their commitment to user security and privacy, the spokesperson stated that Google takes violations of their policies seriously and takes appropriate action when necessary.
Related Article: #TechTimesLifeHack: Chrome Extensions to Spot the Best Money Saving Deals Online-Price Comparison, Fake Review Check, and More!
