Despite security measures [2] [3], malicious browser extensions that steal passwords and sensitive data can still be found in the official Google Chrome app store [3]. The cause is a security vulnerability in Google Chrome extensions that allows them to extract plaintext passwords from websites [2]. The issue persists even after the security measures introduced with Manifest V3, so potentially harmful extensions can still retrieve user data [2].

Description

To illustrate the challenge of identifying extensions with malicious intent, researchers from the University of Wisconsin-Madison successfully uploaded a password-grabbing extension to the Chrome Web Store. They also discovered that a significant number of websites store passwords in plaintext [2], making them vulnerable to direct extraction of user input values [2]. Additionally, approximately 12.5% of extensions in the Chrome Web Store have permissions to access sensitive information [2].

Users must carefully vet extensions before installation and be cautious about the permissions they grant [1]. While extensions cannot steal passwords by default [1], they can read login credentials if given access [1]. Malicious extensions have been known to deceive users into installing them and collect their browsing data or intercept login credentials [1]. Even non-malicious extensions can be exploited by attackers due to security loopholes in their code [1]. Extensions often run with the same privileges as the browser itself [1], allowing them to access sensitive information like passwords [1]. Therefore, users must trust that developers will not abuse the permissions they request and ensure that extensions are secure [1].
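One way to vet the permissions an extension requests before installing it is to inspect its `manifest.json`. The sketch below is an added example, not code from the cited research or from Chrome; the finding labels and the two sample manifests are constructed for illustration, while the manifest keys and match patterns are the standard Chrome ones.

```python
import json

# Chrome match patterns that cover every site.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _is_host_pattern(value):
    return value == "<all_urls>" or "://" in value


def audit_manifest(manifest):
    """Return findings describing how widely an extension can read page content."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # MV3 lists host access under host_permissions; MV2 mixes it into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if _is_host_pattern(p)}
    optional = set(manifest.get("optional_host_permissions", []))
    optional |= {p for p in manifest.get("optional_permissions", []) if _is_host_pattern(p)}
    script_matches = {
        m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])
    }

    findings = []  # labels below are hypothetical names chosen for this example
    if script_matches & BROAD_PATTERNS:
        findings.append("content-script-all-sites")  # runs in every page's DOM
    elif script_matches:
        findings.append("content-script-limited-sites")
    if hosts & BROAD_PATTERNS:
        findings.append("host-access-all-sites")
    if optional & BROAD_PATTERNS:
        findings.append("optional-host-access-all-sites")  # can be requested later
    if "scripting" in perms and (hosts or "activeTab" in perms):
        findings.append("programmatic-script-injection")
    return findings


# Constructed sample manifests (not real extensions).
BROAD_EXTENSION = json.loads("""{
  "manifest_version": 3, "name": "Sample helper", "version": "1.0",
  "permissions": ["storage", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]
}""")
NARROW_EXTENSION = json.loads("""{
  "manifest_version": 3, "name": "Sample notes", "version": "1.0",
  "permissions": ["storage"],
  "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["c.js"]}]
}""")

if __name__ == "__main__":
    for m in (BROAD_EXTENSION, NARROW_EXTENSION):
        print(m["name"], "->", audit_manifest(m))
```

A finding of `content-script-all-sites` or `host-access-all-sites` means the extension's code can run in, and read form fields from, any page the user visits, which is the access the paragraph above warns about.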

Conclusion

These findings highlight the need for enhanced security measures and stricter review processes to protect user data and privacy. It is crucial for users to exercise caution when installing extensions and to be aware of the permissions they grant. Developers should prioritize the security of their extensions and ensure they are not vulnerable to exploitation. Moving forward, it is essential to continue improving security protocols to safeguard user information and prevent unauthorized access.

References

[1] https://dataoverhaulers.com/chrome-extensions-steal-passwords/
[2] https://cybermaterial.com/chrome-extensions-stealing-passwords/
[3] https://www.darkreading.com/application-security/google-chrome-store-review-process-data-stealer