Blog

Chrome Extensions Are Being Targeted For Hacks

Feb 2, 2019 | Blog

If you’re like most people, no matter how careful you are when you surf the web, you seldom think to review the permissions browser extensions ask for when you install them.  It’s just one of those things that’s easy to lose sight of, and unfortunately, hackers are aware of this.

That’s why vulnerable extensions have become a newly emergent threat in the ever-evolving threat matrix.

Browser extensions can do things that simple websites can’t. Enterprising researcher, Doliere Francis Some took a deep dive into the murky world of extensions and find out if it was possible that they could bypass SOP (Same Origin Policy), which keeps websites from different domains from sharing data.

Over the course of her research, she analyzed more than 75,000 Opera, Firefox, and Chrome extensions.  Although her research revealed that it was uncommon, she was able to confirm that in 197 cases, the answer was yes.

171 of the 197 instances she discovered were Chrome extensions.  That fact should not be seen as an indication that Chrome is inherently less secure than the other browsers, but is reflective of the fact that Chrome has vastly more extensions than the other two browsers included in her survey.

Based on Some’s research, while this is a troubling discovery to be sure, it’s not something you’re likely to encounter or need to devote significant resources to guard against.  In fact, the simplest way to protect yourself is to prevent extensions from communicating with web pages at-will. Although be aware of the fact that this may cause some legitimate extension functions to stop working.

Of course, in a perfect world, browser vendors would do a far better job at analyzing extension behavior before making them available to the general public, but this is extremely unlikely to occur.  Again, it just isn’t a common enough problem to throw a lot of resources at.

In any case though, it’s something to be aware of, and it’s certainly worth checking the permissions of the extensions you’re using.  Better safe than sorry.

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech