News Application Security

More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities

Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots

Mathew J. Schwartz, InformationWeek
Special To Dark Reading September 30, 2011

A review of 100 Google Chrome extensions, including the 50 most popular selections, found that 27 percent of them contain one or more vulnerabilities that could be exploited by attackers either via the Web or unsecured Wi-Fi hotspots.

Those findings come from a study being conducted by security researchers Nicholas Carlini and Prateek Saxena at University of California, Berkeley. In particular, they analyzed the 50 most popular Chrome extensions, as well as 50 others selected at random, for JavaScript injection vulnerabilities, since such bugs can enable an attacker to take complete control of an extension.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

The researchers found that 27 of the 100 extensions studied contained one or more injection vulnerabilities, for a total of 51 vulnerabilities across all of the extensions. The researchers also said that seven of the vulnerable extensions were used by 300,000 people or more.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Strategies for Improving Web Application Security

Web applications are fraught with risk, but for most companies, not having them is not an option. They're just too important to customers and to the business. In this Dark Reading report, we recommend some best practices for balancing the needs of the business with security requirements. It doesn't take special certification or a million dollars, but it does take planning, time, and a smart combination of tools and best practices.
Tools and Strategies for File-Level Data Protection

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. This may be because it can be more challenging to secure data, but once data is locked down, any compromises to the networks and servers that transport and house it almost don't matter. In this Dark Reading report we recommend several ways that security pros can effectively ensure that data is kept from prying eyes.
Insecurity with Java

In the wake of a zero-day vulnerability being exploited by multiple active attacks, IT teams wait for Oracle to respond. Again. Here's how to keep your systems safe, but meanwhile, start considering: Does Java's popularity as an attack vector vs. its diminishing functionality make permanently disabling plug-ins a smart idea?

Related Content

Sponsored by

Detecting and Blocking Site Scraping Attacks

Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitor's prices or to illicitly publish valuable information. Site scraping can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.
How SEEK Prevents Competitors from Scraping Website Content with Imperva

SEEK, Australia's number one job site, prevents competitors from scraping Website content with Imperva SecureSphere. This video case study shows how Imperva's SecureSphere Web Application Firewall safeguards SEEK's Website from site scraping and Web application attacks.
Cutting the Cost of Application Security: An ROI White Paper

Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage, and customer turnover. This white paper illustrates how Imperva's SecureSphere Web Application Firewall provides a Return on Security Investment of 2090% by preventing data breaches and Website downtime.
Botnets at the Gate: Stopping Botnets and Distributed Denial of Service Attacks

Botnets have infiltrated millions of users' computers and wrecked incalculable damage. This white paper lifts the veil on botnets and on the cyber-criminals behind them. It analyzes the history, growth, and economics behind botnets. It then investigates one of the most common attacks executed by botnets: the Distributed Denial of Service (DDoS) attack.
Hacker Intelligence Summary Report: The Anatomy of a Hacktivist Attack

Imperva witnessed a recent hacktivist attack that lasted for 25 days. Our observations give insight into hacktivist attack methods and an examination of how social media enables recruitment and attack coordination. Understanding how hacktivists operate will help organizations prepare for a future attack.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Back Issues

In This Issue

How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
Not All Or Nothing: Effective security doesn't mean stopping all attackers.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Application Security

More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities

Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Strategies for Improving Web Application Security

Tools and Strategies for File-Level Data Protection

Insecurity with Java

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Application Security

More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities

Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue