A spyware attack recently discovered by researchers at Awake Security compromised with the user data by enabling 32 million downloads of extensions to Google’s Chrome web browser.
The recent update provided by the company on the long-standing security issues in the tech industry shows how it has failed to address the challenges concerning security issues on web browsers, which is used for a variety of sensitive purposes, including emailing and payroll processing.
The researchers at the firm alerted Google about the breach last month, following which the company removed about 70 malicious add-ons from Chrome’s Web store.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover said in a statement.
According to Awake co-founder and chief scientist Gary Golomb, this has been reported as one of the most massive malicious Chrome store campaigns to date and he based his statement on the number of downloads for such add-ons.
Even though the add-on allegedly warned users about questionable websites but it did retrieve the browsing history and data to have access to internal business tools.
Google has promised in the past to wipe off any bad extensions on its own and to have strict supervision of offerings on Chrome’s Web store. However, concerning the latest threat and security issue through add-ons, Google has not yet commented on the extent of damage and what it was not able to detect it.
It is yet to be found who was behind this attack to distribute the malware. Awake, however, confirmed that the add-on developers submitted fake information while submitting the extensions for Google’s Chrome Web browser.
Meanwhile, former National Security Agency engineer Ben Johnson said that such activities that can access someone’s email or other sensitive information can be a target for organized crime as well as national espionage.
© 2024 Latin Times. All rights reserved. Do not reproduce without permission.