Windows 10: How to Protect Your Network from the Dangers of Chrome Extensions

Without a doubt, Google Chrome is the most popular internet browser on the market. It is regarded as the most secure browser as well, owing partly to the effectiveness of its sandbox (which prevents unverified content from being downloaded into end users’ devices) and the rapid availability of security patches.


Reports from NetmarketShare show that Chrome has about a 61 percent share of the global internet browser market, with its nearest rival Internet Explorer, holding approximately a 12 percent share. Firefox’s market share is just under 12 percent while Microsoft’s new browser, Edge, clings to about 4 percent of the market.

Chrome: Still the Most Secure Browser?
Chrome’s reputation as the most secure internet browser was called into question when four malicious extensions were discovered on its official Web Store. Although Google has removed the extensions, the presence of this threat highlights a key weakness within its framework.


To prevent the download of malicious extensions which might pose a threat to end-user systems, users should not install extensions unless they provide a proven benefit. Even then, the extension’s code and its behavior should be researched and analyzed with care.

Nonetheless, due to the general positive perception of Chrome security, many users completely trust extensions found on the Web Store and install them without sufficient due diligence. However, this confidence was shaken when researchers from ICEBRG, a security firm, detected an unusual surge in outbound network traffic from a workstation.


They discovered that the surge was caused by HTTP Request Header, an extension on the Chrome browser, which used the workstation to stealthily visit ad-related web links. It was soon discovered that three other extensions on the Chrome Web Store – Lite bookmarks, Stickies, and Nyoogle, did pretty much the same thing.

ICEBRG suspected that the extensions were used as a click-fraud scam meant to generate revenue from per-click rewards. However, its researchers noted that the malicious extensions could have been used for more sinister purposes such as spying on organizations’ networks and end-user systems where they were installed.


This wasn’t the first time malicious extensions have been discovered on Chrome’s Web Store. Unknown attackers had previously compromised the accounts of at least two extension developers on the Chrome platform and used the unauthorized access to install extension updates which injected ads unto the websites that users visited.

Chrome Extensions: A Viable Threat Vector
End users use browsers to access shopping, healthcare, banking, cloud-based file sharing, and email. In the process, their personal information (such as passwords, account numbers, credit card numbers, etc.) is exposed to the browser as well as to scripts running on web pages.


The weak security of browsers combined with the powerful, invasive nature of extensions can allow attackers to commit many types of cyber crimes

and access a wide range of private data and computer resources.

Since extensions have access to all the web pages visited by users, they can do almost anything. Aside from inserting ads into visited web pages, some add-ons could function as keyloggers to capture credit card details and passwords, redirect search traffic, or track whatever victims do online.

Malicious Extensions: Designed to Appear Innocuous
Earlier this year, there were other add-ons, nicknamed Droidclub, discovered by Trend Micro’s security experts.

Uploaded to the official Chrome Web Store and downloaded by over 420,000 users, this family of add-ons was designed to appear innocent, but they could replay and record every keystroke, scroll, and mouse click users performed on all visited websites using Chrome browsers and share them with the extensions’ developers.

Extensions as Cryptojacking Malware
The Droidclub extensions could also be used to cryptojack end users’ systems and use their computing power to surreptitiously mine for Monero. This is of major concern to organizations since cryptojacking increases CPU usage, leading to systems overheating and a decrease in device lifespan. Once installed on end users’ devices, the Droidclub apps made it very difficult for users to either report them as malicious or delete them.

Low Acceptance Standards on Chrome’s Web Store
Although Google has since removed this batch of malicious extensions from the Chrome Web Store, its acceptance standards are still relatively low. As such, it’s likely that cybercriminals will continue to use this attack vector to launch attacks via browser extensions.

Preventing Malicious Extensions from Attacking Your Network
As such, organizations must educate their users on how to identify fake and malicious extensions. Due diligence before downloading should include:

• 
  Reading through the add-ons’ descriptions (to ensure they are not suspicious)
  
  
• 
  Verifying developers’ credibility
  
  
• 
  Understanding exactly what the add-on does and the kind of permissions it needs
  

For instance, an add-on that is described as an ad blocker but requests permission to access emails is definitely up to no good.

An Additional Layer of Protection is Needed
Although the above measures are good ways to preempt threats rising from such attack vectors, they are prone to human error and thus, not enough. The most effective way to prevent rogue extensions from breaching your organization’s endpoint systems is to leverage container-based virtual browsers.


With a remote browser isolation solution, all browser-executable code is isolated in a virtual browser within a disposable container hosted outside of the network. Website code never touches the endpoint, and can do no harm.


At the end of each browsing session, the containers are destroyed, along with the virtual browser and all content - benign, infected, or malicious. This effectively prevents dangerous code present on malicious add-ons from executing and carrying out their bad intentions. The result is that your users can browse and use Chrome extensions securely, without putting their data or devices — your organizational networks — at risk.

:)

 

New Windows Defender Browser Protection extension for Google Chrome

Source:

• Windows Defender
• Windows Defender Browser Protection - Chrome Web Store

 

Continuing to protect Chrome users from malicious extensions

Source: Chromium Blog: Continuing to protect Chrome users from malicious extensions

 

Suspect Chrome Extensions


Considering the amount of available Chrome extensions, that isn't a long list.