Over 500 Chrome Extensions Removed by Google Due to Malware Concerns


If you go to tap on your favorite Google Chrome extension and it no longer works like it used to, it could be among the over 500 Chrome extensions removed by Google.

This week, Google removed over 500 Chrome extensions due to concerns that they were redirecting users to malicious sites and ad content without users being aware.

The issue was identified by Cisco’s Duo security team – as explained by Duo:


“Browser extensions have been known as a weak point for individual security and privacy due to their potential for misuse under the general guise of helpful applications. In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users. This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to the risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”

In other words, users were being inadvertently redirected to ads so that the developers behind the extensions could take a cut of that traffic. In interviews with impacted users, most reported being unaware of any obvious impacts on their browsing experience.

Millions of users are likely impacted by the over 500 Chrome extensions removed by Google. According to Duo, their initial investigation showed that almost 2 million users had downloaded the extensions it identified, but Google’s subsequent action based on information from Duo significantly expanded on this scope. It’s not clear exactly how many people have installed these extensions, but as noted, if you try out an extension and it no longer works, it could be among the over 500 Chrome extensions removed by Google.

It’s not the first time Google Chrome extensions have been used for such purposes. As reported by ZDNet, this type of fraud typically involves injecting ads within a browsing session, with the developers trying to hide the activity in order to avoid detection. In a more concerning attack, back in 2018, groups used Chrome extensions to steal login credentials, mine cryptocurrencies, and engage in click fraud, roping in more than 100,000 users.

Given this, it’s worth double-checking that your extensions come from reputable sources, and avoiding spammy-looking listings and tools.

Duo has published a full list of the extensions it identified in its investigation, and they made up the list of the over 500 Chrome extensions removed by Google. Google has also marked the extensions as ‘malicious’ to stop people from trying to re-add them through other means.
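
One way to check a Chrome profile against a published list of extension IDs such as Duo's, shown as an added example that is not from the original article, Duo or Google. The list format (one ID per line), the function names and the sample IDs are assumptions made for illustration; Chrome keeps installed extensions under `Extensions/<id>/<version>/manifest.json` inside a profile directory.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

def load_flagged_ids(text):
    """Parse an ID list (assumed format: one ID per line, '#' starts a comment)."""
    ids = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID.match(token):
            ids.add(token)
    return ids

def installed_extensions(profile_dir):
    """Yield (id, version_dir, name) for each extension found in a Chrome profile."""
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return
    for ext_dir in sorted(ext_root.iterdir()):
        if not EXT_ID.match(ext_dir.name):
            continue
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest: still report the ID
            name = data.get("name", "?") if isinstance(data, dict) else "?"
            yield ext_dir.name, manifest.parent.name, name

def find_flagged(profile_dir, flagged_ids):
    """Return the installed extensions whose ID appears in the flagged set."""
    return [e for e in installed_extensions(profile_dir) if e[0] in flagged_ids]

def demo():
    # Constructed data: a throwaway profile with two fake extensions, one flagged.
    flagged_text = "# constructed sample list\n" + "a" * 32 + "\n"
    with tempfile.TemporaryDirectory() as profile:
        for ext_id, name in (("a" * 32, "Constructed Sample"), ("b" * 32, "Other Sample")):
            d = Path(profile) / "Extensions" / ext_id / "1.0_0"
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"name": name}), encoding="utf-8")
        return find_flagged(profile, load_flagged_ids(flagged_text))

if __name__ == "__main__":
    print(demo())
```

To use it on a real machine, pass `find_flagged` the profile directory (its location varies by operating system) and the set returned by `load_flagged_ids` for the text of the published list.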