Advertisements

GOOGLE Chrome users have been put on alert after security experts discovered a number of popular browser extensions were filled with malicious software.

Google Chrome fans need to check whether they have downloaded extensions from the Chrome Store which will infect their computers with malware.

Google Chrome is without a doubt the most popular internet browser in the world right now.

NetMarketShare stats for the whole of last year show Google Chrome as having a staggering 58.90 per cent chunk of the internet browser marketplace.

Its nearest rival, Mozilla’s FireFox, has a 13.29 per cent share while Internet Explorer is on 13 per cent.

Microsoft’s newer Edge browser, which is bundled in with Windows 10, lags behind with a 3.78 per cent market share.

These stats underline how Chrome’s crown as the world’s most popular internet browser is undisputed.

And fans of Google Chrome have been put on alert after security experts discovered four extensions for the browser were malicious.

Researchers from security firm ICEBRG uncovered the malicious extensions which were downloaded in total more than 500,000 times.

ICEBRG stumbled upon the security risk after detecting a suspicious spike in outbound traffic from a customer’s workstation.

They discovered it was caused by a Google Chrome extension called HTTP Request Header which used infected machines to visit advertising links.

ICEBRG later found three other Chrome extensions — Nyoogle, Stickies, and Lite Bookmarks — did very similar things.

Researchers from ICEBRG believe the extensions were part of a click-fraud scam.

These cons imitate the process of a user clicking on a link for an advert without the victim’s knowledge.

ICEBRG added, however, that these Google Chrome add-ons also had the potential to spy on unsuspecting people.

In their report, the security firm said: “In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed.

“In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks.”

The four offending Chrome extensions have now been removed from the Chrome store after ICEBRG reported its findings privately to Google.

The news comes as Google Chrome users are getting ready to download a major new update which addresses the Meltdown and Spectre security issues.

Google Chrome fans have been put on alert about an update that will be pushed out soon which addresses a recently discovered vulnerability.

On January 23 the search engine giant will roll out Google Chrome version 64.

The big upcoming update will address the Meltdown and Spectre flaws, which are recently discovered vulnerabilities that affect a host of major CPUs.

Nearly all computers worldwide, and many other devices like smartphones, have been exposed to the security gaps leaving them vulnerable to hacker attacks.

Researchers discovered the vulnerabilities in the central processing units, which could allow privately stored data on computers to be hacked.

The bugs could allow hackers to read sensitive information stored on affected device and such as passwords or credit card data.

And as the tech industry as a whole rushes to address the issues, Google have announced Chrome will be getting an update to tackle the problem.

Outlining the update, Google simply said that: “Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.”

They added that users can enable Site Isolation, an experimental feature in the current Chrome 63, for additional protection.

The feature is meant to make it harder for untrusted websites to access or steal information.