After receiving feedback security researchers, Google removed more than 500 extensions with malicious behavior, such as advertising redirect private data from millions of users to upload secret.
Some of these malicious extensions have been issued for many years, while others are just on the line for a very short period of time, these malicious extension has been downloaded 1.7 million times.
Although Google said the company will use machine learning to automatically scan and detect expansion, however, this does not completely solve the problem of malicious extensions.
Security researchers Jamila Kaya and Cisco's Duo Security researchers said, "In the case reported here, the creator of the Chrome extension dedicated to the expansion, the basic ad features user difficult to understand. This is done to your browser the client connects to a command and control architecture, leaked private browsing data without the user's knowledge, so that users face the risk of being exploited by advertising stream, and fraud detection mechanism trying to escape the Chrome Web Store. "
In the analysis of malicious behavior, the researchers found that the normal operation of these malicious extensions are implanted in different ads when users open certain pages.
Meanwhile, if the user opens the e-commerce shopping site, they will hijack the link and add the rebate, but these operations do not result in serious consequences.
After extensive analysis, the researchers found malicious extensions can also hijack a user's access rights, redirect users to access phishing sites gangs made.
Consequences if the user accidentally enter your password or financial information in these phishing sites may result in leaks account or credit card theft.
Currently, Google is deleted from the user and store these extensions, we recommend that users do not install any unfamiliar extensions.