Chrome extensions: they see everything

Your handy adblocker, price tracker, or spell checker extension might be significantly risking your online safety. Oren Koren, Co-Founder of the cybersecurity firm Veriti, advised me to delete all Chrome extensions, and he’s not the only one. Four more cybersecurity researchers have similar opinions.


Ernestas Naprys, Senior Journalist
Aug 1, 2023. Updated: 15 November 2023

The whole supply chain is vulnerable

  • http:// - risk of browsing data interception;
  • https:// - risk of encrypted browsing data interception;
  • ftp:// - risk of exposing login credentials and unauthorized file access (directory listing of the FTP server, username and password passed in the login stage, the ability to track and download files);
  • file:// - risk of disclosing sensitive local files or internal resources (specific internal or external file paths that only the owner has);
  • ws:// - risk for web services that can compromise an organization’s content.
Oren Koren

The ultimate goal for cybercriminals – to deploy ransomware

  • In 2021, researchers found a vulnerability in a popular Chrome extension designed to manage cryptocurrency wallets. This vulnerability allowed attackers to steal users' private keys and cryptocurrency. After the vulnerability was discovered, the developers issued an update, but this incident highlights the need to be careful with some types of extensions.
  • In 2019, several malicious Chrome extensions were used to intercept user logins on popular websites such as Facebook and Google.
  • In 2018, an extension was discovered that stole credit card data using the "chrome.webRequest" API.
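
To check an installed extension against the scheme list quoted earlier and the webRequest incident above, the following added example (not from the article or from the researchers quoted) reads a manifest.json and reports which of those schemes its host patterns reach, whether it is unrestricted by site, and whether it requests webRequest. It assumes the standard manifest keys `permissions`, `host_permissions`, `optional_host_permissions` and `content_scripts[].matches`, and it treats `<all_urls>` as reaching every listed scheme, which is a deliberately conservative assumption; the sample manifest is constructed.

```python
import json

# URL schemes named in the list earlier in the article.
LISTED_SCHEMES = ("http", "https", "ftp", "file", "ws")

def schemes_for(pattern):
    """Listed schemes that a single match pattern can reach."""
    if pattern == "<all_urls>":
        return set(LISTED_SCHEMES)  # assumption: conservative, count every listed scheme
    scheme, sep, _rest = pattern.partition("://")
    if not sep:
        return set()                # an API permission name such as "storage"
    if scheme == "*":
        return {"http", "https"}    # a wildcard scheme matches only http and https
    return {scheme} & set(LISTED_SCHEMES)

def is_any_host(pattern):
    """True when the pattern is not limited to particular sites."""
    host = pattern.partition("://")[2].split("/", 1)[0]
    return pattern == "<all_urls>" or host == "*"

def audit_manifest(text):
    m = json.loads(text)
    perms = [p for p in m.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    patterns = perms + m.get("host_permissions", []) + m.get("optional_host_permissions", [])
    for script in m.get("content_scripts", []):
        patterns += script.get("matches", [])
    covered = {}
    for p in patterns:
        for s in schemes_for(p):
            covered.setdefault(s, []).append(p)
    return {
        "name": m.get("name", "?"),
        "schemes": {s: covered[s] for s in LISTED_SCHEMES if s in covered},
        "any_host": any(is_any_host(p) for p in patterns),
        "web_request": "webRequest" in perms,
    }

# Constructed sample manifest, not a real extension.
SAMPLE = """{
  "name": "Example Price Tracker",
  "manifest_version": 3,
  "permissions": ["storage", "webRequest"],
  "host_permissions": ["*://*/*", "file:///*"],
  "content_scripts": [{"matches": ["https://shop.example/*"], "js": ["c.js"]}]
}"""

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE), indent=2))
```

An extension that reports `any_host` together with `web_request` is the combination to review first, since it can observe requests on every site the user visits.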

No extensions for you, if you want to be safe and private