Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Chrome Google

Google Chrome To Warn When Installed Extensions Are Malware (bleepingcomputer.com) 27

Posted by BeauHD from the PSA dept.
Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware. BleepingComputer reports: An unending supply of unwanted browser extensions is published on the Chrome Web Store and promoted through popup and redirect ads. These extensions are made by scam companies and threat actors who use them to inject advertisements, track your search history, redirect you to affiliate pages, or in more severe cases, steal your Gmail emails and Facebook accounts. The problem is that these extensions are churned out quickly, with the developers releasing new ones just as Google removes old ones from the Chrome Web Store. Unfortunately, if you installed one of these extensions, they will still be installed in your browser, even after Google detects them as malware and removes them from the store.

Due to this, Google is now bringing its Safety Check feature to browser extensions, warning Chrome users when an extension has been detected as malware or removed from the store and that they should be uninstalled from the browser. This feature will go live in Chrome 117, but you can now test it in Chrome 116 by enabling the browser's experimental 'Extensions Module in Safety Check' feature. [...] Google says that extensions can be removed from the Chrome Web Store because they were unpublished by the developer, violated policies, or were detected as malware.
This discussion has been archived. No new comments can be posted.

Google Chrome To Warn When Installed Extensions Are Malware More

Google Chrome To Warn When Installed Extensions Are Malware

Comments Filter:

  • Usually indicative of (Score:5, Interesting)

    by Rosco P. Coltrane ( 209368 ) on Monday August 21, 2023 @09:43PM (#63786844)

    usually indicative of it being malware

    Either that or displeasing Google for some reason or other.

    Try to find NewPipe on the Google Play Store for example. Can you guess why it's not there?

    • Re:Usually indicative of (Score:5, Interesting)

      by SeaFox ( 739806 ) on Monday August 21, 2023 @11:26PM (#63786956)

      Either that or displeasing Google for some reason or other.

      I have an app on my Android phone that I use to add my iCloud address book and Calendars to the normal Android Contacts and Calendar apps. I've used it for years, and a few months ago the Play Store suddenly started displaying warnings that the app was unsafe and had been caught "attempting to bypass Android safety restrictions". Not that it actually had bypassed, and the app had not been updated in many months so there hadn't been any recent changes in the app to give it new evil powers. The app was no longer listed on the Play store and my phone displayed a warning every few hours about it (likely when I was running a sync), saying I should uninstall it.

      People may think I'm a fool, but I chose to ignore it and turned off Play Protect, because:

      1) Removing the app would have immediately deleted my address book and removed my calendars from my phone, and I was not able to locate another app that does two-way syncing successfully (a couple claim to, followed by reviews saying otherwise, also one super-expensive subscription app).

      2) I had seen no evidence to suggest anything malicious had happened to me in the several years I had used the app, and

      3) I had found no way to actually read any details on why the app was suddenly unsafe when it had been perfectly fine the previous week. It was just a "trust us, we know what's good for you" situation.

      A week or so ago I checked again and my phone no longer displays warnings in I open the app. I re-enabled Play Protect and after scanning my phone it seems to be all hunky-dory with the app it claimed was a menace before. The app still works fine, and is still no longer on the Play store.

      I'm not sure how to interpret this except Google not liking the app for some reason. Maybe because it allows me to keep my personal address book and calendars on a rival's platform instead of their own.

      • The problem is is that apps are 'blackboxed' by nature. It looks and works perfectly fine, especially when it sends off your credit card information to a group of Russian hackers without tipping you off through errors whatsoever. On the flip side, I don't fully trust Google to be the policeman here because they have demonstrated that they will remove apps for many other reasons besides 'malware'.

        • Re: (Score:2)

          by SeaFox ( 739806 )

          The problem is is that apps are 'blackboxed' by nature. It looks and works perfectly fine, especially when it sends off your credit card information to a group of Russian hackers without tipping you off through errors whatsoever.

          Well, I have to extend some level of trust to the developers to even use the app. It has to be given permission to log into a third-party account in my name to do its job. I have to set an app-specific password for it to access my iCloud and Apple doesn't give me the ability to limit the login to only certain services, either. If someone wants to do an open-source app with the same features I would have no qualms about switching.

          I don't fully trust Google to be the policeman here because they have demonstrated that they will remove apps for many other reasons besides 'malware'.

          My issue was mainly they did not demonstrate any material harm to me with their

    • Either that or displeasing Google for some reason or other.

      Some reason or other is an interesting way of saying "this program solely exists for the user to breach the terms of service of Youtube".

      • "this program solely exists for the user to breach the terms of service of Youtube".

        Maybe so, but it's not malware.

        The point being that Google removes programs from its app stores for its own good as well as that of the user.

        • Google didn't remove it for being malware, it removed it for violating the Google Play ToS. So what is your point? Other than that you don't understand the topic being discussed?

    • Re: (Score:2)

      by jonadab ( 583620 )
      I've got a simpler method:

      Just ask the user, "Do you have any browser extensions installed?"

      If the user says, "Yes, I have [whatever]", it's almost certainly not malware.

      If the user says "I have no idea" or words to that effect, then all the extensions that are installed are almost certainly malware, except in quite rare cases where a system administrator has installed browser extensions.

  • Coming soon... (Score:5, Insightful)

    by Anonymous Coward on Monday August 21, 2023 @09:50PM (#63786852)

    Your ad blocking extension is a very high risk 3rd party security problem. It has been disabled for you.

    Well, more likely they would disable it without telling you.

    • Re: (Score:1)

      by AmiMoJo ( 196126 )

      If Google wanted to do that they would have done it years ago. They don't need an excuse, they have been removing extensions since they first started in 2010.

      I understand a lot of people don't like Google, but can you please make the effort to do even the most basic sanity check on your conspiracy theory before posting it? When Google kills something off or removes a feature they are normally pretty good at telling you, even if it's deeply unpopular.

  • Wouldn't it be better.., (Score:2, Insightful)

    by kenh ( 9056 )

    ...if Google Chrome refused to install extensions it identifies as "Malware"?

    • Wow, yeah, maybe not approve them for the Google App Store to begin with! I bet that would be really hard for them to implement, or else they would have already done it. I certainly can't think of any other app store maintainer that does anything similar.

      • Often an extension is bought out and 'updated' into malice long after it is approved. Now, why they allow unvetted updates is another discussion...

  • Why not block them by default? (Score:3)

    by thesjaakspoiler ( 4782965 ) on Monday August 21, 2023 @10:19PM (#63786898)

    Or is that hurting some Google business model?

    • Yep - the "do the bare minimum and only really act on things that are obvious and easy to act on to maximize profits" model.

    • Hurting their business model of "do whatever you want, unless it's later discovered to be really bad" vs. "walled garden."

  • They don't already do this? (Score:4, Insightful)

    by fafalone ( 633739 ) on Tuesday August 22, 2023 @12:06AM (#63786984)
    What good is having a browser that craps all over your privacy in the name of safety if it doesn't do something basic like tell you when you've downloaded malware from it's own store?
    • What genius did they just hire to come up with this? The various designers & developers that have worked on Google Chrome for the past decade or so were no match for this new coder's/designer's intellect. They should give 'em a promotion, see what other not-bleedin'-obvious features they can think of!
  • I think they just want to remove all the add-ons that help you get more functionality or just be free. No wonder they have already announced a ban on AdBlock, in which the video from YouTube will not work at all. Their policy is to watch intrusive ads for an hour instead of videos. Or don't watch anything at all. Or pay.
  • I'm ahead, I don't use Google Chrome. Too many issues in the past with abusing your privacy and just never liked their interface.

  • It's kind of funny how for every conspiracy nut commenting "Google is labeling these apps just because it hurts Google's business model" there is an equal but opposite conspiracy nut commenting "Google refuses to block these apps just because it hurts Google's business model".

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      It's kind of funny how for every conspiracy nut commenting "Google is labeling these apps just because it hurts Google's business model" there is an equal but opposite conspiracy nut commenting "Google refuses to block these apps just because it hurts Google's business model".

      Well, there's an extension that helps bypass those annoying URL shorteners. You know, the ones that make you jump through hoops to get through like adf.ly and others? It's called Fast Forward and for nearly a year it was kicked out of

  • Interesting (Score:3)

    by TuballoyThunder ( 534063 ) on Tuesday August 22, 2023 @09:19AM (#63787574)
    Will Chrome warn the user when they try to install Chrome?
  • Tell on itself?
  • Keep changing the code here and there to get it past the detector. If that gets removed, change it again. After all, if no name Chinese companies can rename/rebrand to get "Knifey the Aids Syringe Stuffed Teddy Bear" back on the market in the US.... Meanwhile: "Google has detected that 'Save Youtube Video ' and 'Remove ads' (neither fictional example actual malware to the user) might be a bad extention. Do you wish to remove it?" [YES] [YES] [OF COURSE]

Slashdot Top Deals

Make sure your code does nothing gracefully.

Close