Study Reveals Malicious Chrome Extensions

A recent analysis of Chrome browser extensions performed by USENIX, The Advanced Computer Systems Association, has revealed a relatively high number of malicious and suspicious extensions, many of which have been downloaded by millions of users.


In a PDF document issued by USENIX detailing their findings, the researchers noted:

The amount of critical and private data that web browsers mediate continues to increase, and naturally this data has become a target for criminals. In addition, the web’s advertising ecosystem offers opportunities to profit by manipulating a user’s everyday browsing behavior. As a result, malicious browser extensions have become a new threat, as criminals realize the potential to monetize a victim’s web browsing session and readily access web-related content and private data.

USENIX utilized a dynamic analysis system of their own creation called Hulk (which flushes out an extension’s malicious behavior) to analyze 48,332 Chrome extensions.

“First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extension’s expectations in web page structure and content,” USENIX explains. “Second, Hulk employs a fuzzer to drive the numerous event handlers that modern extensions heavily rely upon.”
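A small sketch of the two ideas in that description, added here as an illustration and not taken from the USENIX paper or from Hulk itself: a stub document that fabricates whatever element a script asks for, and a driver that fires every registered event handler so behaviour hidden behind events shows up in the log. All names (`createHoneyPage`, `fireAll`, `analyze`, `sampleScript`) and the sample script are constructed for this example, and it runs in Node without a real DOM.

```javascript
// HoneyPage-style stub plus event driver (illustrative, hypothetical names; not Hulk's code).
function createHoneyPage() {
  const log = [];             // every query, listener and write the script makes
  const elements = new Map(); // selector -> fabricated element
  const handlers = [];        // registered event handlers, for the driver
  function fabricate(selector) {
    // Handles one compound selector such as "img#ad-banner.promo".
    const tag = (selector.match(/^[a-z][a-z0-9]*/i) || ["div"])[0];
    const id = (selector.match(/#([\w-]+)/) || [])[1] || "";
    const classes = [...selector.matchAll(/\.([\w-]+)/g)].map(m => m[1]);
    const el = {
      tagName: tag.toUpperCase(), id, className: classes.join(" "), attributes: {},
      setAttribute(name, value) {
        log.push({ op: "setAttribute", selector, name, value: String(value) });
        el.attributes[name] = String(value);
      },
      addEventListener(type, fn) {
        log.push({ op: "listen", selector, type });
        handlers.push({ type, fn, target: el });
      },
    };
    return el;
  }
  const document = {
    querySelector(selector) {
      log.push({ op: "query", selector });
      // Adapt to the script's expectation: create the element if it does not exist yet.
      if (!elements.has(selector)) elements.set(selector, fabricate(selector));
      return elements.get(selector);
    },
    getElementById(id) { return document.querySelector("#" + id); },
  };
  // Driver: call each registered handler once with a stub event object.
  function fireAll() {
    for (const h of handlers.slice()) h.fn.call(h.target, { type: h.type, target: h.target });
    return log;
  }
  return { document, fireAll };
}
// Constructed sample script: its page modification only appears after an event fires.
function sampleScript(document) {
  const ad = document.querySelector("img#ad-banner");
  ad.addEventListener("load", () => ad.setAttribute("src", "https://ads.example.invalid/swap.png"));
}
// Run a script against a fresh page, drive its handlers, return the behaviour log.
function analyze(script) {
  const page = createHoneyPage();
  script(page.document);
  return page.fireAll();
}
```

Without the `fireAll()` step the log for the sample script would stop at the listener registration, and the attribute rewrite would never be observed.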

Of the 48,332 extensions analyzed, 130 were found to be outright malicious while a further 4712 were found to be “suspicious”. Among the 130 malicious extensions, USENIX identified behavior which included ad manipulation, affiliate fraud, information theft, and social network abuse. Here is USENIX’s breakdown of both malicious and suspicious extensions by detection types:

[Table: USENIX breakdown of malicious and suspicious extensions by detection type; image not reproduced]



*An extension might have more than one detection.

*[m] denotes malicious detections, [s] denotes suspicious detections.





The researchers also include a number of recommendations in the paper which, hopefully, Google will heed.


About the Author

Jim Hillier
