An independent security researcher has found malicious code in 18 Chrome extensions currently available in the Chrome Web Store. Combined, the extensions have over 57 million active users. It’s yet more evidence that Chrome extensions need to be evaluated with a critical eye.
Chrome extensions are apps built on top of Google Chrome that allow you to add extra features to your browser. The tasks that this customizable feature can do are wide-ranging, but some popular extensions can auto-fill your password, block ads, enable one-click access to your todo list, or change how a social media site looks. Unfortunately, because Chrome extensions are so powerful and can have a lot of control over your browsing experience, they are a popular target for hackers and other bad actors.
It’s that last feature that leaves PDF Toolbox open for bad intentions. Google requires extension developers to only use the minimum permissions necessary. In order to download PDFs from tabs that aren’t currently active, PDF Toolbox has to be able to access every web page you currently have open. Without this feature, it would not be able to pseudo-legitimately access your browser to the same extent.
In addition to finding more affected extensions, Palant was able to confirm what the malicious code was doing (or at least had done in the past). The extensions were redirecting users’ Google searches to third-party search engines, likely in return for a small affiliate fee. By infecting millions of users, the developers could rake in a tidy amount of profit.
If you have one of the affected extensions installed on your computer, you should remove it now. It’s also a good idea to do a quick audit of all the other extensions you have installed to make sure that you are still using them, and that they all look to be legitimate. If you not, you should remove them too.
Otherwise, treat this as a reminder to always be vigilant for potential malware. For more tips on how to fight it, check out our guide on removing malware from your computer.