Centre’s Cyber Security Agency Cautions Users About Google Chrome Extensions
Internet users should exercise caution while installing Google Chrome extensions as the company has removed over 100 malicious links after they were found collecting “sensitive” user data, country’s cyber security agency said today.
The Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyber attacks and guard the Indian cyber space, said it has also been found that these extensions contained code to bypass Google Chrome’s web store security scans.
The malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information, it said.
“It has been reported that Google has removed 106 extensions of the Google Chrome browser from the chrome web store which were found collecting sensitive user data,” the agency said in the advisory.
“These extensions, reportedly posed as tools to improve web searches, convert files between different formats as security scanners and more,” it added.
The federal cyber security agency suggested users to uninstall Google Chrome extensions with IDs given in the IOCs (organisational chart) section.
The agency advised Internet users to only install extensions which are absolutely needed and refer user reviews before doing so.
They should uninstall extensions which are not in use, it said, adding that users should not install extensions from unverified sources.