back to top

Chrome’s New Alert System for Dangerous Extensions and Vulnerable Web Apps

Chrome's New Alert System for Dangerous Extensions and Vulnerable Web Apps

Google will notify users when an extension is removed.

Google is adding a safety feature to the Chrome browser.

In Chrome 117 (currently in Beta), the browser will warn if an installed extension is removed from Chrome Web Store.

Extensions expand browser functionalities. Some are misused for malicious actions like stealing passwords or showing adware.

Google works to protect users, removing malicious products. But users with malware need to remove it themselves to stay secure.

People often ignore news about malicious extensions.

Notifying users about removed extensions nudges them to investigate, signaling potential malware.

Chrome 116 can test this in the “Extensions Module in Safety Check”. Enable it at “chrome://flags/#safety-check-extensions”, under “Privacy and security”.

This menu shows removed extensions and reasons.

The Alarming Count of Vulnerable Web Apps

Many web-based apps are exploitable, putting users’ Personal Identifiable Information (PII) at risk.

CyCognito’s new report reveals that 74% of these apps contain PII vulnerable to known major exploits. These exploits relate to Apache Superset, Papercut, and MOVEit. Additionally, 11% have easily exploitable flaws, including misconfiguration, lack of HTTPS encryption, and no deployment of a cloud firewall (WAF).

The report shows enterprises typically have over 12,000 web apps, with 3,000+ having at least one exploitable flaw. Half of these are hosted in the cloud. Worryingly, 98% may not comply with GDPR, denying users cookie opt-out.

Widespread Issue

Cyberattack analysis by SANS Institute and Akamai supports CyCognito’s findings, noting a surge in attacks on apps and APIs in 2022.

CyCognito CEO Rob Gurzeev cites the impactful MOVEit breach as a lesson in cloud security for CISOs. He highlights how a company’s attack surface shifts up to 10% monthly, creating security gaps.

Guenther from Critical Start flags the scale of PII breaches, with 74% of assets exposed to major exploits. Keeper Security’s CEO Darren Guccione explains PII misuse’s danger for fraud and losses, as FTC reports a spike in imposter scams.


More like this