Search results for google chrome store | Breaking Cybersecurity News | The Hacker News

Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that Google is aware of the issues and has proactively been working to change the way its Chrome web browser handles extensions. Earlier this year, Google banned extensions using cryptocurrency mining scripts and then in June, the company also disabled inline installation of Chrome extensions completely. The company has also been using machine learning technologies to detect and block malicious extensions. To take a step further, Google announced Monday five major changes that give users more control over certain permissions, enforces security measures, as well as makes the ecosystem more t...

Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube! And NOT even the Google Play Store—from where you could have installed any Android apps you want Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now freely available and already included in the cost of your smartphone. For the very first time, Google has announced its plans to charge a fee to European Android phone manufacturers who want to include a free version of Google apps on their Android handsets. In short, Android phone makers will now have to pay Google for installing the Play store, Gmail, YouTube, Maps, and Chrome, that are usually considered to be core parts of the Android operating system, but are actually Google services. "Since the pre-installation of Google Search and Chrome together with our other apps helped us...

You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome extensions on all platforms. Google announced today in its Chromium blog that by the end of this year, its Chrome browser will no longer support the installation of extensions from outside the Web Store in an effort to protect its users from shady browser extensions. "We continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly — and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites," says ​James Wagner, Google's extensions platform product manager. Google's browser extensions crackdown will take place in three ph...

Facebook profiles can be hijacked by Chrome extensions malware Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses. The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store. To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension. The launchpad for the fake Flash Player is a Facebook app called " Aprenda ". If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension. " This last o...

In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward program majorly includes two main announcements. First, a new program, dubbed 'Developer Data Protection Reward Program' (DDPRP), wherein Google will reward security researchers and hackers who find "verifiably and unambiguous evidence" of data abuse issues in Android apps, OAuth projects, and Chrome extensions. Second, expanding the scope of its Google Play Security Rewards Program (GPSRP) to include all Android apps from the Google Play Store with over 100 million or more installs, helping affected app developers fix vulnerabilities through responsibly disclosures.' Get Bounty to Find Data-Abusing Android & Chrome Apps The data abuse bug bounty progr...

If you came across a celebrity sex video on Facebook featuring Jessica Alba or any other celebrity, just avoid clicking it. Another Facebook scam is circulating across the social networking website that attempts to trick Facebook users into clicking on a link for a celebrity sex tape that instead downloads malware onto their computers. Once installed, the malware would force web browsers to display aggressive advertising web pages which include sites with nudity and fake lotteries. The spam campaign was uncovered by researchers at Cyren, who noted that a malicious Google Chrome extension is spreading nude celebrity PDFs through private messages and posts on various Facebook groups. If opened, the PDF file takes victims to a web page with an image containing a play button, tricking users that the PDF may contain a video. Once clicked, the link redirects users of Internet Explorer, Firefox, or Safari to a web page with overly-aggressive popups and advertisements related to ...

In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden rise in malicious extensions that appear to offer useful functionality, while embedding hidden cryptocurrency mining scripts that run in the background without the user's knowledge. Last month, cryptocurrency miners were even found in a Russian nuclear weapons lab and on thousands of government websites . In January, cryptocurrency mining malware also infected more than half-million PCs . Until now, only those cryptocurrency mining extensions were allowed on the Chrome Web Store that are solely intended for mining, and explicitly informed users about its working and revenue model. If the company finds any mining extension developers submitted was not in compliance and secre...

Two widely used Adblocker Google Chrome extensions , posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, they also pose huge threats to both your privacy and security. Being the most over-sighted weakest link in the browser security model, extensions sit between the browser application and the Internet — from where they look for the websites you visit and subsequently can intercept, modify, and block any requests, based on the functionalities they have been designed for. Apart from the extensions which are purposely created with malicious intent , in recent years we have also seen some of the most popular legitimate Chrome and Firefox extensions g...

If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, you could have been hacked. A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users. Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online and could allow its creators to steal any information victims enter into any website they visit, including passwords, web browsing history and credit card details. Discovered by Andrey Meshkov, co-founder of Adguard, these five malicious extensions are copycat versions of some legitimate, well-known Ad Blockers. Creators of these extensions also used popular keywords in their names and descriptions to rank top in the search results, increasing the possibility of getting more users to download them. "All the extensions I've highlighted are simple rip-offs with a few lines of co...

Last year at Google I/O developer event, Google launched a limited beta " App Runtime for Chrome " (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser . ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android s...

A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access tokens. The first company to shed light the campaign was cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24, allowing the threat actors to publish a malicious version of the extension. On December 27, Cyberhaven disclosed that a threat actor compromised its browser extension and injected malicious code to communicate with an external command-and-control (C&C) server located on the domain cyberhavenext[.]pro, download additional configuration files, and exfiltrate user data. The phishing email, which purported...

Have you ever been somewhere and urgently you need a file stored in your home computer ? This is very common situation that most of us deal with, but now rather returning home and get it, Google has offered a better solution for this problem. Google – one of the most innovative tech companies on the planet, famous for providing new technologies to make every job easy for its users, has released Google's Chrome Remote Desktop service today for your Android Smartphones to remotely control your PC anytime, from anywhere. Google's Chrome Remote Desktop app for Android provides an easier and secure interaction of your computer with your Android Smartphones. So, using this app you can control your desktop system or PC remotely from anywhere using your Android Smartphone, provided your Mac, Windows or Linux system has Chrome Remote Desktop app installed and running. Google first introduced this service in 2011, which allowed users of Chrome OS or Chrome browser to remotel...

At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google in the Chrome web browser later this year. Cookies, also referred to as HTTP cookies or browser cookies, are the small pieces of information that websites store on your computer, which play an important role in improving your online experience. Cookies are created by a web browser when a user loads a particular website, which helps the website to remember information about your visit, like your login information, preferred language, items in the shopping cart and other settings. However, cookies are also being widely used to identify users and track their activities not only on the site that issued a cooki...

Over the past few years, Cyber Criminals have choose the official Google Chrome Web Store to push malware. In a recent announcement by Google, like Google Play Android apps store, all new apps uploaded to the Chrome Web Store will now also be automatically scanned for malware. Also, Google warned developers that it may take a little longer than before for their app to go live in the store, and  scanning may take from just a few minutes up to an hour.  " Starting today in the Chrome Web Store, you might notice that your item is not broadly available immediately after you publish it. " It is always against the Chrome Web Store Content Policies to distribute malware, if developer still wants to upload something malicious, they should cancel the process and withdraw their program. " This new functionality does not require any action on the part of developers. When you publish an item in the store, the developer dashboard will indicate that your item is i...

Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ' Cryptsy Dogecoin (DOGE) Live Ticker ' which is available on Chrome Web store for free downloads and developed by " TheTrollBox " account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions. HOW CHROME EXTENSION STEALS CRYPTOCURRENCY It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users' web activity and looks for those users who go to Cryptocurrency exchange sites s...

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users. Unfortunately, the Chrome extension of Copyfish has been hijacked and compromised by some unknown attacker, who equipped the extension with advertisement injection capabilities. However, its Firefox counterpart was not affected by the attack. The attackers even moved the extension to their developer account, preventing its developers from removing the infected extension from the store, even after being spotted that the extension has been compromised. "So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back," the de...

As cybercriminals have started using sophisticated phishing techniques in an attempt to hijack online users' account, Google on Wednesday launched a new Chrome Extension to fight against Phishing . The search engine giant has launched a new Password Alert Chrome extension that will alert you whenever you accidentally enter your Google password on a carefully crafted phishing website that aimed at hijacking your account. So, GO and INSTALL the freely available, open-source Password Alert extension which is now available in the Chrome Web Store. Password Alert extension does two things: Prevents you from re-using your Google account password on other websites. Protects you if you've typed the same Google password on a non-Google website by generating a warning that you have just been phished and should immediately change your password. According to the company , nearly two percent of the e-mail messages to Google's Gmail are phishing emails from cyber ...

Browser extensions are extra features and functionality that you can easily add to Google Chrome, Firefox and other popular Browsers, but they can be used to serve malicious adware , which automatically renders advertisements in order to generate revenue for its author.  Hackers are now taking their business rather more seriously than we thought. Even a single instance of malicious adware on your PC can inject bad ads or malware to your browser. Ads are a legitimate way to monetize. However, creating and spreading a fresh add-on to get a large user base is always tough, but now adware companies found a new trick i.e. Buying trusted browser extensions with a large user-base and exploiting their auto-update status to push out adware. Recently, the developer of ' Add to Feedly ' Chrome extension with 30,000+ users, Amit Agarwal , was approached by some mysterious buyers. " It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal ," ...