Security researchers founded 130 of the browsers were sport malicious activity and 4,172 behaving suspiciously, most of them were spotted in Google Chrome Web Store
Studying a number of the Chrome extensions using a specially designed tool called Hulk. It help them analyze the extensions and determine the nature of their activity
“In principle injection need not occur at all, since Chrome extensions can come packaged with all the code needed to operate. In total, we found more than 3,000 extensions that dynamically introduced remotely-retrieved code either through script injections r by evoking ‘eval’,” explains the paper.
One of them component had been download 5.6 million times which performed replacing original ads, inserting ads into pages, overlaying ads over content or changing affiliate IDs to direct the revenue to its owner.
Google has take precautions to stop this malicious extensions in the Chrome Web Store by verifying each
Google imposed more limitations to maintain the safety of their customers, and at the moment no extension outside Chrome Web Store can be used in a browser to restart. Users can add them in developer mode, but this has to be done each time Chrome starts.