Chrome extensions, tools designed to improve browser functionality, have become an attack vector for cybercriminals. There is a market in which legitimate extensions are purchased and then modified to introduce malicious code. These modifications may include redirects to fraudulent sites, credential theft and other behavior that harms users.
A prominent case is that of John Tuckner, founder of the cybersecurity company Secure Annex, who acquired the extension “Website Blocker” for 50 dollars. After modifying its code, he was able to distribute an update that reached all users without their being aware of the changes. This experiment showed how easy it is for an attacker to take control of an extension and use it for malicious purposes.
Another example is the extension “Browser Boost Extra Tools for Chrome”, which, after being sold, began to redirect its 30,000 users to websites chosen by the new owner. A user reported this behavior in the GitHub repository, and the original creator confirmed that he had sold the extension months earlier, dissociating himself from the actions of the new owner.
These incidents underscore the importance of reviewing the permissions an extension requests before installing it and of regularly auditing the extensions that are already installed. In addition, it is recommended to remove extensions that are no longer used and to watch for unusual browser behavior, such as unexpected redirects or unauthorized configuration changes.
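One way to keep that regular control, as an added example that is not from the original article: a Python sketch that flags broad permissions in an extension's manifest.json and reports what an update changed. The sample manifests and the extension id are constructed, and the list of permissions worth reviewing is an assumption.

```python
import json
from pathlib import Path

# Assumption: API permissions that let an extension observe or rewrite browsing.
RISKY_API = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
             "cookies", "scripting", "tabs", "history"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", []))  # MV3 keeps hosts here
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    findings = [f"api:{p}" for p in perms & RISKY_API]
    findings += [f"host:{h}" for h in (perms | hosts) & BROAD_HOSTS]
    return sorted(findings)

def load_profile(ext_dir):
    """Read <id>/<version>/manifest.json under a profile's Extensions folder."""
    found = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        found[path.parts[-3]] = json.loads(path.read_text(encoding="utf-8-sig"))
    return found

def snapshot(manifests):
    """Map extension id -> (version, findings) for later comparison."""
    return {eid: (m.get("version"), audit_manifest(m)) for eid, m in manifests.items()}

def diff_snapshots(old, new):
    """Report extensions whose version changed, with any newly gained findings."""
    report = {}
    for eid, (version, findings) in new.items():
        old_version, old_findings = old.get(eid, (None, []))
        if version != old_version:
            added = sorted(set(findings) - set(old_findings))
            report[eid] = {"from": old_version, "to": version, "added": added}
    return report

# Constructed sample: the same extension before and after an update.
EXT_ID = "a" * 32  # placeholder id, not a real extension
BEFORE = {EXT_ID: {"manifest_version": 3, "version": "1.0.0", "permissions": ["storage"]}}
AFTER = {EXT_ID: {"manifest_version": 3, "version": "1.1.0",
                  "permissions": ["storage", "tabs", "webRequest"],
                  "host_permissions": ["<all_urls>"]}}

if __name__ == "__main__":
    print(json.dumps(diff_snapshots(snapshot(BEFORE), snapshot(AFTER)), indent=2))
```

An update that changes only code and requests no new permissions appears with an empty `added` list, which is why the version change itself is reported.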
Source: Engadget