Google has removed more than five hundred harmful Chrome extensions from the Chrome Web Store because they infect advertisements with malware. Google did that after researching Cisco Duo Security.
The malicious extensions came to light during a two-month investigation. The extensions made use of a so-called malvertising attack. Hereby advertisements that are shown on websites are infected with malicious software.
Extensions allow users to add additional features to their Chrome browser, such as password managers and adblockers.
The malicious extensions were installed by more than 1.7 million Chrome users. They offered games, weather reports and quizzes, among other things.
Google told the researchers to appreciate their work. “We have taken action and we use the findings as training material to improve our analysis. We regularly examine whether extensions meet the rules.”