informa
News

More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities

Extensions contain one or more vulnerabilities that could be exploited via the Web or unsecured Wi-Fi hotspots
A review of 100 Google Chrome extensions, including the 50 most popular selections, found that 27 percent of them contain one or more vulnerabilities that could be exploited by attackers either via the Web or unsecured Wi-Fi hotspots.

Those findings come from a study being conducted by security researchers Nicholas Carlini and Prateek Saxena at University of California, Berkeley. In particular, they analyzed the 50 most popular Chrome extensions, as well as 50 others selected at random, for JavaScript injection vulnerabilities, since such bugs can enable an attacker to take complete control of an extension.

The researchers found that 27 of the 100 extensions studied contained one or more injection vulnerabilities, for a total of 51 vulnerabilities across all of the extensions. The researchers also said that seven of the vulnerable extensions were used by 300,000 people or more.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading: