
25% of Tested Google Chrome Extensions Have Security Bugs and Are Vulnerable to Data Theft

Posted: September 30, 2011

A group of security researchers analyzed 50 of the most popular Google Chrome extensions, along with other randomly picked extensions, and found that 25% of them were vulnerable to data theft.

Researchers manually analyzed 100 Google Chrome extensions looking for JavaScript injection vulnerabilities. The analysis performed was as thorough as it gets. They looked into the background, pop-up and options pages of extensions. Of the selected Chrome extensions, 50 of the most popular ones and another 50 chosen at random, roughly 25% in total were found to be vulnerable to data theft.

Despite 25% of the Chrome extensions having vulnerabilities, almost half of them can be patched by configuring them to use one of two offered Content Security Policies (CSP). A CSP prevents malicious JavaScript code from being injected. Essentially, these security policies, if implemented, distinguish legitimate JavaScript from illegitimate JavaScript so that the illegitimate code does not get executed.

Avoiding vulnerable Chrome extensions is unfortunately left in the hands of the developers. Developers will ultimately need to apply the Content Security Policies to their Chrome extensions before the vulnerabilities lead to issues for the user, which could result in a malicious hacker pilfering data such as stored passwords or internet history.
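As an added example (not code from the researchers or from Chrome itself), the following JavaScript shows how a developer or reviewer could check an extension's manifest for a missing or weak Content Security Policy. `content_security_policy` and `extension_pages` are real manifest keys; the finding labels and the sample manifests are constructed for illustration.

```javascript
// Split a CSP string into { directive: [source, ...] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per CSP, the first occurrence of a directive wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Returns a list of finding labels (hypothetical names) for one manifest.
function auditExtensionCsp(manifest) {
  const findings = [];
  let policy = manifest.content_security_policy;
  // Manifest V3 nests the policy for extension pages in an object.
  if (policy && typeof policy === 'object') policy = policy.extension_pages;
  if (typeof policy !== 'string' || policy.trim() === '') {
    // Chrome applies a default policy from manifest_version 2 onward;
    // older manifests get no CSP unless they declare one.
    if (!(manifest.manifest_version >= 2)) findings.push('no-csp');
    return findings;
  }
  const csp = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const scriptSrc = csp['script-src'] || csp['default-src'];
  if (!scriptSrc) return ['no-script-restriction'];
  for (const src of scriptSrc) {
    const s = src.toLowerCase();
    if (s === "'unsafe-inline'") findings.push('inline-script-allowed');
    else if (s === "'unsafe-eval'") findings.push('eval-allowed');
    else if (s === '*' || s === 'http:' || s === 'https:') findings.push('any-origin-script');
    else if (s.startsWith('http://')) findings.push('insecure-script-origin');
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const samples = {
  legacy: { name: 'A', version: '1.0' },
  weak: { name: 'B', version: '1.0', manifest_version: 2,
    content_security_policy: "script-src 'self' 'unsafe-eval' http://cdn.example; object-src 'self'" },
  strict: { name: 'C', version: '1.0', manifest_version: 2,
    content_security_policy: "script-src 'self'; object-src 'self'" },
};
for (const [label, m] of Object.entries(samples)) console.log(label, auditExtensionCsp(m));
```

An empty result means the declared (or default) policy keeps script execution limited to the extension's own packaged files.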

What can Google Chrome users do to prevent data theft via vulnerable extensions?

According to recent analysis performed by StatCounter, Google Chrome is one of the fastest growing web browsers in terms of usage in particular areas of the world. Any discovery of issues with Google Chrome could send virtual shockwaves to those who look for a 'more secure' alternative to Internet Explorer and all of the historically perceived vulnerabilities that come with it. If you are an avid Google Chrome user, then learning about vulnerabilities within Google Chrome extensions that allow data theft is probably not something you want to hear. The best way to keep yourself protected is to stay vigilant by installing and running an updated anti-spyware or anti-virus application. Additionally, installing or updating to the latest version of Chrome extensions is a good practice in the event the developer has chosen to implement new security policies.

Which web browser software do you mostly use? Do you believe that your browser software preference is the safest choice for you?
