ArsTechnica is reporting on an apparent security issue with the way Chrome Extension and updates are handled by the Google Chrome web browser. We all trust that when our browser is updated that the vendors, be they Google, Mozilla or even Microsoft aren't loading us up with adware and malware. Unfortunately the same cannot be said for browser extensions.
In the case of Google Chrome it goes without saying that when we install a chrome extension we trust the source (at least one would hope so). When you install a browser extension you are giving that extension's owner pretty much unfettered access to your browser and they can push code out of it as they see fit.
However, even if you trust the source upon initial installation you may find it somewhat alarming that the extension you are using can be transferred to another owner without your knowledge. Pretty scary right? Well it gets worse. Malware and adware vendors are catching on to this little loophole and are using it for nefarious means according Ron Amadeo's report on ArsTechnica.
Once ownership has changed the new owner can use Google's update service to push malware-filled updates right into your browser. As pointed out in the aforementioned article Google isn't directly responsible for the malware. but the vendors are taking advantage of this loophole in Google's extension system to spam users. The report uses a firsthand account from OMG Chrome to illustrate the point:
One thing is abundantly clear: Google may need to make some minor adjustments to the way Chrome extensions are handled. Do you have your own story about a Chrome Extension gone haywire? Let us know in the comments below. As to whether this is FUD or genuinely something to be worried about I'll let you decide. Hit up the source link below and read the report for yourself.
Source: Arstechnica
In the case of Google Chrome it goes without saying that when we install a chrome extension we trust the source (at least one would hope so). When you install a browser extension you are giving that extension's owner pretty much unfettered access to your browser and they can push code out of it as they see fit.
However, even if you trust the source upon initial installation you may find it somewhat alarming that the extension you are using can be transferred to another owner without your knowledge. Pretty scary right? Well it gets worse. Malware and adware vendors are catching on to this little loophole and are using it for nefarious means according Ron Amadeo's report on ArsTechnica.
Once ownership has changed the new owner can use Google's update service to push malware-filled updates right into your browser. As pointed out in the aforementioned article Google isn't directly responsible for the malware. but the vendors are taking advantage of this loophole in Google's extension system to spam users. The report uses a firsthand account from OMG Chrome to illustrate the point:
Whether you think this is legitimate or FUD it's definitely happening and once it does it becomes very difficult to remove such malware by normal methods. What are users to do? While I'm sure no one is going to cease to use Chrome Extensions altogether, it is still advised to watch out for smaller Chrome vendors and be leery of extension updates.
One thing is abundantly clear: Google may need to make some minor adjustments to the way Chrome extensions are handled. Do you have your own story about a Chrome Extension gone haywire? Let us know in the comments below. As to whether this is FUD or genuinely something to be worried about I'll let you decide. Hit up the source link below and read the report for yourself.
Source: Arstechnica
