Malware can still bypass Google Chrome’s extension

[humble3d]

Malware can still bypass Google Chrome’s extension

Malicious browser extensions have been a big issue in the past couple of years. One should not confuse outright malicious extensions with adware or toolbars even though they are related to some extend.

The core difference between those groups of extensions is that malicious extensions go beyond displaying ads, leaking information about a user's browsing behavior or being plain annoying.

Browser makers such as Google or Mozilla have invested time and money in methods to protect users from potentially unwanted extensions.

Google for instance created a new policy for Chrome recently that prevents the installation of extensions in the browser if those extensions are not listed in the Chrome Web Store.

While only valid for Chrome Stable and Beta versions on Windows, it supposedly protects users running those versions of the browser from falling prey to malware attacks.

There are manual ways around this protection so that Stable and Beta users can install extensions not available on the official Chrome Web Store.

The real problem is however that malware attacks can still attack the Chrome browser and add extensions to the browser even though that should not be possible anymore due to the protection feature.

http://www.ghacks.net/2014/09/22/malware-can-still-bypass-google-chromes-extension-installation-protection/