A fraudulent browser extension was downloaded by 37,000 Chrome users after it sneaked past Google’s Web Store vetting processes, it emerged on Tuesday.
The fake extension was listed on the official Web Store until today and masqueraded as popular legitimate extension AdBlock Plus, which has over 10 million users. Once installed, the fake reportedly swamps infected computers with adverts and opens up tabs without the user’s permission.
The existence of the fake extension was revealed by anonymous cyber security personality @SwiftOnSecurity, but it’s still not entirely clear if the fake compromised the data of the 37,000-odd users who inadvertently installed it on their browsers.
Back in 2015, Google officially blocked Mac users from downloading Chrome extensions not hosted in its official Web Store, over concerns that malicious extensions were becoming rife.
Given this latest breach of Google’s vetting system, Chrome users are advised to carefully check the developer information of extensions before downloading them to ensure they are legitimate and not spoofing popular browser add-ons. We’ll update this article if Google provides clarity on what went wrong this time around.
Discuss this article in our forums