• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » News » Google Chrome vulnerability provides a backdoor to spy on millions

Google Chrome vulnerability provides a backdoor to spy on millions

by Chris Stokel-Walker
25 June 2020
in News
0
apps on iphone screen
73
SHARES
A rudimentary issue and a malicious extension can cause a headache

Google Chrome extensions downloaded 32 million times have secretly been siphoning off users’ web history and login credentials. The vulnerability, which was first reported on by Reuters and discovered by threat researchers Awake Security, has been described as the farthest-reaching attack launched through the Chrome store to date.

The vulnerability targeted the gullibility of a number of users who downloaded browser extensions designed to convert files from one medium to another, or to warn web browsers about potentially dangerous files they encountered online. Instead, they were fronts that acted as spyware, tracking a user’s browsing habits, including which sites they visited, and also recording their logins.

The dodgy browser extensions were downloaded up to 32 million times, according to the researchers, who gleaned the information from data provided by Google’s own Chrome store. The full list of domains and extensions can be found here.

‘A massive global surveillance campaign’

The campaign is a giant dragnet, say the researchers, rather than a targeted attempt to gather information. It is “a massive global surveillance campaign exploiting the nature of internet domain registration and browser capabilities to spy on and steal data from users across multiple geographies and industry segments,” they say.

The extensions, 70 of which were removed by Google from the Chrome store after the researchers made them aware of the issue, worked by pushing data out to illegitimate servers, all while avoiding the usual means of detection that would highlight them as malicious software by anti-virus scanners. The attack seems to have been targeted at home users; according to the researchers, it doesn’t work on corporate networks – and doesn’t even try to.

According to the researchers, one single internet domain registrar is responsible for hosting many of the domains through which the data passed. Of more than 26,000 domain names reachable that were registered through GalComm, almost six in 10 are malicious or suspicious, Awake Security claims.

There is no suggestion GalComm has any knowledge of, or anything to do with, the malicious browser extensions. GalComm’s owner, Moshe Fogel, told Reuters: ““Galcomm is not involved, and not in complicity with any malicious activity whatsoever.” He added that they will cooperate with law enforcement “to prevent as much as we can,” and that the company was undertaking its own investigation.

Browser extensions are common vectors of attack

Malicious browser extensions are not new ways of trying to siphon off data, even if the sheer scale of the information being captured is unique in this case. Researchers in February discovered a similar issue with Chrome extensions that it claimed siphoned off data from 1.7 million users. Google later also found 500 further fraudulent domains.

But with browser extensions becoming ever more powerful and vital in our day-to-day browsing lives, they are potentially a high-reward way for hackers to try and gain access to our data. We use extensions to block ads, connect other services, convert files and even collaboratively watch Netflix these days.

A number of extensions ask for overly broad permissions from their users, including the ability to access web history – which can tell you a lot about a person and their browsing habits. Launching attacks against Chrome that take advantage of its vulnerabilities is a logical conclusion for hackers: nearly seven in 10 people browsing the internet at any one time are doing so using Chrome.

But users should become more suspicious of the browser extensions they use, and the kinds of permissions they grant to the extensions. Constantly monitoring the installation of browser extensions, and what they do, as well as what permissions you give them, is a logical way to try and mitigate the risk of falling victim to such attacks.

Share73TweetShareShare

Related Posts

This fake TikTok service promises free followers but gives you free malware instead

This fake TikTok service promises free followers but gives you free malware instead

15 January 2021
Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

15 January 2021
New report violent hashtags on Parler skyrocketed on January 6

New report: violent hashtags on Parler skyrocketed on January 6

14 January 2021
Three men having conversation in Xinhiang

Chinese tech patents tools that can detect, track Uighurs

14 January 2021
Next Post
hacker stealing condifential information

People are being sent to jail for leaking data – should they?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    81962 shares
    Share 81952 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Tutanota vs. ProtonMail: which is the better secure email service?

    0 shares
    Share 0 Tweet 0
  • 1 million highly sensitive NSFW pictures leaked by Korean teen dating app

    59 shares
    Share 59 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
NSFW: tech support workers share their oddest job experiences

NSFW: tech support workers share their oddest job experiences

15 January 2021
This fake TikTok service promises free followers but gives you free malware instead

This fake TikTok service promises free followers but gives you free malware instead

15 January 2021

These researchers create mouth-watering (but fake) pizza images. Why?

15 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

15 January 2021
An unintended consequence: can deepfakes kill video evidence?

An unintended consequence: can deepfakes kill video evidence?

14 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!