Welcome to Google Chrome Plugins

Source of Plugins, Themes, Add-ons and information for the Google Chrome Web Browser!


Researchers Find 27 Chrome Extensions To Be Insecure

by arupchou on October 13, 2011

While Chrome extensions are designed to make browsers more productive, some extensions can be potentially malicious. Security researchers Nicholas Carlini, Adrienne Porter Felt and Prateek Saxena have discovered a number of extensions that are insecure. The researchers reviewed 50 popular and 50 random Chrome extensions from the Chrome Web Store, which hosts the extensions, for security issues. Of the 100 extensions reviewed, the researchers found 27 to be insecure. Together, those extensions account for a total of 51 vulnerabilities.

Extensions Used By Many Users

According to the data available in the Chrome Web Store, the 27 insecure Chrome extensions are used by more than 300,000 users. After the report, two of the vulnerable extensions, Open Attribute and Silver Bird, have been fixed by their respective development teams. Because of the vulnerabilities, the extensions can leak important information such as passwords or browsing history, which attackers can exploit to steal critical information from the user.

LastPass and XMarks are among the other extensions that have been found insecure. Most notably, the developers of most of the insecure extensions have not followed Chrome's Content Security Policies. It is believed that following the policies would have reduced the vulnerabilities by 96%. With the policies in place, an attacker would not have been able to infect the extension by injecting malicious JavaScript.
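As an added illustration of the policy check discussed above (not code from the article or from the researchers), the following script audits an extension manifest for its `content_security_policy` entry and flags script sources that would let injected JavaScript run. The function names and the sample manifests are constructed for this example.

```javascript
// Added example. Function names are hypothetical; manifests are constructed.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP keeps the first occurrence of a directive and ignores duplicates.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

function auditManifest(manifestJson) {
  const manifest = JSON.parse(manifestJson);
  let policy = manifest.content_security_policy;
  // Manifest V3 nests the extension-page policy under "extension_pages".
  if (policy && typeof policy === 'object') policy = policy.extension_pages;
  if (typeof policy !== 'string' || policy.trim() === '') {
    // Manifest V2 and later apply a default policy; older manifests get none.
    return manifest.manifest_version >= 2 ? [] : ['no content_security_policy declared'];
  }
  const csp = parseCsp(policy);
  const scriptSrc = csp['script-src'] || csp['default-src'];
  if (!scriptSrc) return ['policy does not restrict script sources'];
  const findings = [];
  for (const src of scriptSrc) {
    const s = src.toLowerCase();
    if (s === "'unsafe-inline'") findings.push('script-src allows inline script');
    else if (s === "'unsafe-eval'") findings.push('script-src allows eval');
    else if (s === '*' || s.startsWith('http:')) findings.push('script-src allows insecure source ' + src);
  }
  return findings;
}

// Constructed sample manifests: no policy, a weak policy, a strict policy.
const SAMPLE_NO_POLICY = JSON.stringify({ name: 'sample-a', version: '1.0' });
const SAMPLE_WEAK = JSON.stringify({
  name: 'sample-b', version: '1.0',
  content_security_policy: "script-src 'self' 'unsafe-inline' http://cdn.example.com; object-src 'self'",
});
const SAMPLE_STRICT = JSON.stringify({
  name: 'sample-c', version: '1.0',
  content_security_policy: "script-src 'self'; object-src 'self'",
});
for (const m of [SAMPLE_NO_POLICY, SAMPLE_WEAK, SAMPLE_STRICT]) {
  console.log(JSON.parse(m).name, auditManifest(m));
}
```

An empty result means the policy confines scripts to the extension's own package; it does not by itself show that the extension's code is free of other flaws.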

At this point, the researchers have decided not to publish the list of insecure and secure extensions, as they want to give developers sufficient time to protect their extensions. Full security papers will be released at the beginning of November. It is important that each and every extension available in the Chrome Web Store is protected, since most users rely on these extensions to carry out many useful activities.
