Recently, Stanford University and the CISPA Helmholtz Center for Information Security published a study showing that more than 346 million users installed extensions containing malicious code between July 2020 and February 2023. After subtracting 66 million failed installations due to policy violations and errors, the research team estimated that there were still 280 million installations containing malware.

The researchers collected the data by parsing each extension's *.json declaration file. These files were then broken down into Application Programming Interface (API) access requests such as storage, cookies, and hosts such as URLs or URL patterns.

chrome.jpg
Over the past three years, more than 280 million users have downloaded malicious extensions. Photo: Forbes

“It is not surprising that extensions tend to request more permissions than they need. The more permissions an extension has, the greater the attack surface,” the team said.

Not only that, the report also pointed out the worrying thing that extensions containing malicious software often have an average lifespan of up to 380 days before being detected and removed. According to Forbes , the longer they exist on the browser, the greater the risk of data being stolen, and the greater the quantity.

Additionally, the research team said that as of May 2024, nearly 1% of all Chrome extension installs contained malware. According to Google statistics, more than 250,000 extensions are available on the Chrome web store, more than any other browser.

Google also recommends four ways users can reduce the risk of downloading malware. These include reviewing the information an extension collects before installing it; uninstalling extensions that are no longer in use; limiting the websites an extension can run on; and turning on Enhanced Protection when browsing the web if needed.

According to Statcounter, as of the end of May 2024, Chrome is still the dominant browser with more than 3.2 billion users. On computers, the browser has a market share of 64.87%, far ahead of the next two positions: Microsoft Edge with 13.14% and Safari at 8.79%. On mobile devices, Chrome accounts for 65.94%, Safari is second with 23.47% and Samsung Internet 4.43%.

Beware of new malware impersonating Google Chrome to trick and steal information . In addition to warning about 5 online scams, this week the Department of Information Security ( Ministry of Information and Communications ) also advised people to beware of new malware called 'Mamont', impersonating Google Chrome to trick and steal information.