Chrome News

Has Google failed to protect its Chrome browser?
21 June 2020
Massive spying on users of Google’s Chrome shows new security weakness
18 June 2020
San Francisco
• Reuters (an international news organization owned by Thomson Reuters) reported a “newly discovered spyware effort” targeting users of Google’s browser Chrome.
• The spyware, it said, has been pushed through at least 111 malicious or fake Chrome browser extensions, which have been downloaded some 32 million times. (Browser extensions are add-ons that provide additional capabilities to the user.)
• The report also said Google had taken off more than 70 extensions from its official Web Store last month after being alerted to their malicious nature by researchers at Awake Security.
• The rest were never in its web store.
A browser extension is a small software module for customizing a web browser. Browsers typically allow a
variety of extensions, including user interface modifications, ad blocking, and cookie management. Browser
plug-ins are a separate type of module.
It has been mentioned that some of the fake extensions were never in
the Chrome Web Store. How were they made to work then?
This is due to misuse of the open-source browser project Chromium: installing it can lead to malicious add-ons. It works as a rogue browser once users unwittingly give it the okay to run when prompted.

Alphabet Inc’s Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
A newly discovered spyware effort attacked users through 32
million downloads of extensions to Google’s market-leading
Chrome web browser, researchers at Awake Security told
Reuters, highlighting the tech industry’s failure to protect
browsers as they are used more for email, payroll and other
sensitive functions.
Google declined to discuss how the latest spyware compared with prior
campaigns, the breadth of the damage, or why it did not detect and
remove the bad extensions on its own despite past promises to supervise
offerings more closely.

It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.
• Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was deemed malicious, Google said in 2018 it would improve security, in part by increasing human review.
• But in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users.
• Google joined the investigation and found 500 fraudulent extensions.
• “We do regular sweeps to find extensions using similar techniques, code and behaviours,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.
What other vulnerability has this finding revealed?
• The Awake Security report ends by questioning the conduct and practices of a small Israel-based domain registrar called Galcomm, according to Reuters.
• The report says 60% of the registrar's domains are high risk for organisations. These malicious domains have managed to evade categorisation as unsafe because their behaviour depends on where the client connects from. They act maliciously only if the client connects from a broadband or cable network, and benignly if the request comes from a data centre or virtual private network.

“This registrar, who also maintains a Registrar Accreditation Agreement with ICANN
(The Internet Corporation for Assigned Names and Numbers), is responsible for putting
far more malicious domains, malware, and exploitative content on the internet than
legitimate content. We believe the research and analysis summarized in this report
proves that Galcomm is at best complicit in malicious activity.”
The bigger issue raised by the report is one of lack of oversight by ICANN, which
oversees domain name standards.
