
In recent weeks, Google has faced problems related to extensions to its popular browser, Google Chrome. While these extensions have been one of the most attractive features for users, as they allow you to customize the browsing experience, they also represent a considerable risk when their origin is unknown.

Recently, it has been reported that Google has had to take drastic measures to remove 32 malicious extensions that were installed more than 75 million times. According to an American media outlet, these extensions represented one of the most dangerous aspects of Google Chrome, as they could hide their code and perform malicious functions without users' knowledge.

Cybersecurity researcher Wladimir Palant discovered that some of these extensions had malicious intent related to advertising injection, according to BleepingComputer. These extensions generated ads with the aim of getting users to click on them so that their creators could profit. Even very popular and well-rated extensions, such as PDF Toolbox, with over 2 million users and a rating of 4.2, were involved in these fraudulent activities; it included code disguised as a legitimate extension API wrapper.

The code of these extensions was designed to activate 24 hours after installation, a delay very characteristic of malicious extensions, since it gives them time to go unnoticed. Among the harmful applications were Autoskip for YouTube, with 9 million active users, Soundboost with 6.9 million and Crystal Adblock with 6.8 million. In total, it is estimated that there were at least 32 malicious extensions that accumulated 75 million installations.

The researcher himself explains in an article that the code allowed the domain "serasearchtop[.]com" to inject arbitrary JavaScript code into any website visited by the user. The potential dangers of these extensions range from the insertion of advertisements on web pages to the theft of confidential information. Although the researcher did not observe any clear malicious activity, he noted that there are numerous reports from users and reviews on the web store indicating that the extensions were performing redirects and hijacking search results.

Specifically, the researcher has found 18 other extensions with the same suspicious code, which together add up to 55 million downloads. These include:

  • Amazing Dark Mode: More than two million active users.
  • Autoskip for YouTube: nine million active users.
  • Awesome Auto Refresh: more than two million active users.
  • Crystal Ad Block: 6.8 million active users.
  • HyperVolume: More than 500,000 users.
  • Leap Video Downloader: more than one million users.
  • Light picture-in-picture: almost 200,000 users.
  • Qspeed Video Speed Controller: more than 700,000 users.
  • Soundboost: 6.9 million active users.
  • Brisk VPN: 5.6 million active users.
  • Clipboard Helper: 3.5 million active users.
  • Maxi Refresher: 3.5 million active users.
  • Volume Frenzy: more than a million and a half users.

For its part, the cybersecurity company Avast expanded the list to 32 extensions that have more than 75 million installations. If users have installed any of these extensions, the expert strongly recommends removing any trace of them on both the computer and the browser. By doing so, the amount of unwanted advertising is likely to be significantly reduced, as these extensions sought to profit through ads.

Importantly, one of the reasons Chrome has become so popular is its support for third-party extensions, which are supposedly overseen by Google before being available in the Chrome Web Store. However, this incident highlights that this system is not foolproof and that caution is crucial when installing and using extensions.

Check if you still have them installed

Although it seems that Google has taken action and removed most of these extensions from the Chrome Web Store, users should check whether they still have them installed and remove them manually. To check whether any of these extensions are installed on your computer, there are two methods.

The first is to search for the name of the app in the Chrome Web Store and check if it's still available. The second method involves searching by hand, for example by checking the ID of extensions using the View web permissions feature in the properties of each extension and checking it against the listing provided by Avast on its website. Although this is not the most convenient way to check for the presence of malicious extensions, as only the ID is displayed and not the name, it is an additional measure that users can take to ensure their safety.

To do this, open Chrome, click the three vertical dots in the top right and select Settings. Then, in Extensions, either copy and paste each of the IDs in the list into the search box located at the top center, or open each extension one by one by clicking on Details and check that its ID does not match any of the ones in the list.
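The manual ID check described above can also be done on disk, which has the advantage of showing each matching extension's name next to its ID. The following is an added example, not code from the article, from Avast or from the researcher; it assumes Chrome's usual profile layout of Extensions/<id>/<version>/manifest.json, and the IDs and extension names in it are constructed placeholders, not entries from the published list.

```python
import json
import re
import tempfile
from pathlib import Path


def display_name(version_dir):
    """Read an extension's name, resolving a __MSG_key__ placeholder via _locales."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    match = re.fullmatch(r"__MSG_(.+)__", name)
    if match:  # localized name: look it up in the default locale's messages.json
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        if path.is_file():
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
            name = messages.get(match.group(1), {}).get("message", name)
    return name


def find_flagged(extensions_dir, flagged_ids):
    """Return {id: name} for installed extensions whose ID is in flagged_ids."""
    hits = {}
    for ext_dir in sorted(extensions_dir.iterdir()):
        if not ext_dir.is_dir() or ext_dir.name not in flagged_ids:
            continue
        name = "(manifest unreadable)"
        # Several version folders can coexist during an update; the last readable one wins.
        for version_dir in sorted(ext_dir.iterdir()):
            try:
                name = display_name(version_dir)
            except (OSError, ValueError):
                continue
        hits[ext_dir.name] = name
    return hits


def build_sample(root):
    """Create a constructed Extensions directory holding two fake extensions."""
    a = root / "Extensions" / ("a" * 32) / "1.0_0"
    (a / "_locales" / "en").mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))
    (a / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Sample Flagged Extension"}}))
    b = root / "Extensions" / ("b" * 32) / "2.1_0"
    b.mkdir(parents=True)
    (b / "manifest.json").write_text(json.dumps({"name": "Sample Clean Extension"}))
    return root / "Extensions"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed data, not a real profile
        print(find_flagged(build_sample(Path(tmp)), {"a" * 32}))
```

To run it against a real profile, pass the Extensions folder under the profile path shown on chrome://version and a set of IDs taken from the published list.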

Importantly, in addition to checking for the presence of malicious extensions, users should take proactive steps to protect their online security. Some recommendations include keeping the browser and all extensions updated with the latest versions; periodically reviewing the extensions installed on the browser and removing those that are no longer used or that generate suspicion; reading other people's reviews and ratings before installing a new extension; avoiding downloading extensions from unverified sources or from unknown websites; and using a reliable security solution, such as an antivirus program or browser-specific security extension, to detect and block potential threats.
