Interaction hands using mobile apps. Stylish concept for web and mobile

Posted on
April 9th, 2015

Google Removes Bad Extensions from Chrome

A recent study has revealed that tens of millions of people are accessing Google using a browser with malicious add-ons.

The research was carried out by a team of security experts, who analysed more than 100 million visits to the search engine site.

In the results, they found that around 5% of Google users were caught out by at least one malicious extension each day.

These extensions weren’t limited to just Chrome but were actually present on all major browsers, which included Firefox and Internet Explorer.

As well as repeatedly spamming users with adverts, bad extensions also pose a threat when it comes to their privacy. If they are installed on your browser, hackers may be able to access personal information, like login details, names and even bank details.

Alexandros Kapravelos, a UC Santa Barbara computer scientist who worked on the project, said that “It is a very hard problem to deal with. Even when we have a complete understanding of what the extension is doing, sometimes it is not clear if that behaviour is malicious or not”

“You would expect that an extension that injects or replaces advertisements is malicious, but then you have AdBlock that creates an ad-free browsing experience and is technically very similar.”

Google have acted on the initial results of the study and have removed 192 actively malicious extensions from its Chrome browser. Research suggested that around 14 million people had been tricked into using these extensions in the past.

In the coming months, Google plan to develop tools that can detect these extensions automatically. They will then be flagged up with a security warning so that Google staff can deal with them accordingly.

The full results of the study will be published in May, for those who want to find out more information. These findings will hopefully give both Google and its users a better idea of the malicious extensions on the site and how to improve its overall security.

< Back to Blog