More malicious extensions in Chrome Web Store
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article.
A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it.
So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively.
...
Mind you: just because these extensions monetized by redirecting search pages two years ago, it doesn't mean that they still limit themselves to it now. There are way more dangerous things one can do with the power to inject arbitrary JavaScript code into each and every website.
What's going on.
Google doesn't check Chrome extensions for malware. Matter of fact, the author says that he has never heard about the Report abuse link in Chrome Web Store producing any result.
See the list at the above URL for 18 known bad extensions.
No doubt, there are more.
BTW, Opera Browser uses the Chrome engine and takes the same extensions.