Experts from Stanford University (USA) have discovered that millions of people are using an infected version of the Chrome browser due to extensions installed from the Google Chrome Web Store (GCWS). The findings of the study led by Cheryl Hsu, Manda Tran, and Aurore Vas, who studied thousands of GCWS extensions, were published in an article on the preprint server “arXiv”.
To get the most out of web browsers like Google Chrome, users download extensions from websites: one of the most popular and well-known is GCWS, which hosts Chrome extensions written by third-party developers.
Two major problems with downloading and using third-party extensions are the uneven level of quality and the potential for malware. Investigators used two methods to determine how many of the thousands of extensions hosted on GCWS contain what they call Security Noteworthy Extensions (SNEs)—those that violate GCWS policy or contain malware or vulnerable code.
To do this, they downloaded all the extensions (around 125,000) that were available on the site between July 2020 and February 2023, and then analyzed the code that was used, looking for signs of malware infection. The website’s download history and the length of time the extensions were used were also analyzed.
The research team found that nearly 346 million users downloaded GCWS SNEs during the two-year period under study — 280 million of which included malware-laden SNEs — and noted that Google claims that less than 1% of extensions hosted on the store contain malware, noting that it scans all extensions hosted on the site.
Finally, the researchers also found that SNEs vary greatly in how long they are available on GCWS, from months to years, and that users rarely report extension as a problem.
“Friendly zombie fanatic. Analyst. Coffee buff. Professional music specialist. Communicator.”
