JOIN US×
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
Be cautious while installing Google Chrome extensions: CERT-In
Last Updated 01 July 2020, 10:30 IST
Computer Emergency Response Team of India (CERT-In), the national cyber security nodal agency, on Wednesday asked public to be cautious about installing Google Chrome's extensions.
Internet users should exercise caution while installing Google Chrome extensions as the company has removed over 100 malicious links after they were found collecting “sensitive” user data, the country’s cyber security agency said.
CERT-In also advised Internet users to only install extensions which are absolutely needed and refer user reviews before doing so.
Internet users should uninstall extensions which are not in use, it said, adding that users should not install extensions from unverified sources.
The cyber security agency also said that these extensions contained code to bypass Google Chrome’s web store security scans. The malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information, the agency said.
“It has been reported that Google has removed 106 extensions of the Google Chrome browser from the chrome web store which were found collecting sensitive user data,” the agency said in the advisory.
“These extensions, reportedly posed as tools to improve web searches, convert files between different formats as security scanners and more,” it added.
CERT-In also suggested users to uninstall Google Chrome extensions with IDs given in the IOCs (organisational chart) section.
Users can visit the chrome extensions page and subsequently enable developer mode to see if they have installed any of the malicious extensions and then remove them from their browsers, it said.
Internet users should uninstall extensions which are not in use, it said, adding that users should not install extensions from unverified sources.
The cyber security agency also said that these extensions contained code to bypass Google Chrome’s web store security scans. The malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information, the agency said.
“It has been reported that Google has removed 106 extensions of the Google Chrome browser from the chrome web store which were found collecting sensitive user data,” the agency said in the advisory.
“These extensions, reportedly posed as tools to improve web searches, convert files between different formats as security scanners and more,” it added.
CERT-In also suggested users to uninstall Google Chrome extensions with IDs given in the IOCs (organisational chart) section.
Users can visit the chrome extensions page and subsequently enable developer mode to see if they have installed any of the malicious extensions and then remove them from their browsers, it said.
ADVERTISEMENT
(Published 01 July 2020, 08:40 IST)
ADVERTISEMENT
ADVERTISEMENT