Security researchers founded 130 of the browsers were sport malicious activity and 4,172 behaving suspiciously, most of them were spotted in Google Chrome Web Store
Studying a number of the Chrome extensions using a specially designed tool called Hulk. It help them analyze the extensions and determine the nature of their activity
Suspicious behavior of the extensions included affiliate fraud, credential theft, ad injector and social network abuse. There were components that tampered with the security-related HTTP headers, which allowed JavaScript injection in web pages.
“In principle injection need not occur at all, since Chrome extensions can come packaged with all the code needed to operate. In total, we found more than 3,000 extensions that dynamically introduced remotely-retrieved code either through script injections r by evoking ‘eval’,” explains the paper.
One of them component had been download 5.6 million times which performed replacing original ads, inserting ads into pages, overlaying ads over content or changing affiliate IDs to direct the revenue to its owner.
Google has take precautions to stop this malicious extensions in the Chrome Web Store by verifying each
Google imposed more limitations to maintain the safety of their customers, and at the moment no extension outside Chrome Web Store can be used in a browser to restart. Users can add them in developer mode, but this has to be done each time Chrome starts.