Chrome Extensions: The Dark Cloud

Chrome extensions are leaking your data and the cloud is raining.

With over 5 billion people using Chrome, the browser has captured over 67% of market share as of 2019. That means organizations looking to take their cloud technology to the next level are using G Suite and Chrome for Business.

As the number of companies using Google’s services increases, employees and individuals utilize Chrome’s extension framework to their advantage by installing add-ons that make their life easier. The problem with this increase is that 85% of Chrome extensions have no privacy policy. Your corporate/private data are being sent off to a mystery cloud and you have no idea what the extension creator does with it.

Attacks against companies using Google products have also increased as hackers create malicious extensions, malware, and ad networks specifically for their targets. Just a few weeks ago, Google caught a malicious adblock scam and removed two extensions doing ‘cookie stuffing’. Google reports that 1 in 10 Chrome extensions are malicious, which means it's likely there is one in your network right now.

In order to stay on top of extensions that leak your data unknowingly, install dangerous software, or break compliance, it is important to know what extensions are running and block them as quickly as you can.


To establish a monitoring and blocking protocol, you first need to audit your extensions. This typically requires scripts to run repeatedly, a manual review process and new rules to be added on a daily basis. Since Chrome stores extension information in profiles, malicious extensions that get removed by malware removal programs get re-installed on every browser launch. That means there’s a perpetual cycle of delete and install happening automatically.

Scripts that audit extensions typically break after updates and only work on Windows environments, so keeping them updated is extremely important. Using CRXcavator, you can check the security of the extensions that you've identified with your custom scripts.

Here's a useful PowerShell script to audit extensions (please note this will require editing on your part): https://pastebin.com/6GR27mvc
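
The audit step can start from Chrome's on-disk layout, where each profile keeps its extensions in a folder named after the extension ID. The PowerShell below is an added example, not the linked Pastebin script or Apozy's code; it assumes Chrome's default Windows data directory, and the function name `Get-ChromeExtensionInventory` and the `AllSites` column are illustrative.

```powershell
# Added example: inventory Chrome extensions for every Windows user and Chrome profile.
function Get-ChromeExtensionInventory {
    param(
        # Assumption: Chrome's default per-user data directory on Windows.
        [string]$UserDataGlob = 'C:\Users\*\AppData\Local\Google\Chrome\User Data'
    )
    # Match patterns that grant access to every site the user visits.
    $broad = '<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'
    # Layout: <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json
    $pattern = "$UserDataGlob\*\Extensions\*\*\manifest.json"
    # -Force includes hidden directories; unreadable profiles are skipped silently.
    foreach ($file in Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue) {
        $versionDir = $file.Directory
        $idDir      = $versionDir.Parent
        if ($idDir.Name -cnotmatch '^[a-p]{32}$') { continue }   # not an extension ID folder
        try {
            $m = Get-Content -LiteralPath $file.FullName -Raw -Encoding UTF8 | ConvertFrom-Json
        } catch {
            Write-Warning "Unreadable manifest: $($file.FullName)"
            continue
        }
        # Localized names are stored as __MSG_key__ and resolved from _locales.
        $name = $m.name
        if ($name -match '^__MSG_(.+)__$' -and $m.default_locale) {
            $key = $Matches[1]
            $msgFile = Join-Path $versionDir.FullName "_locales\$($m.default_locale)\messages.json"
            try {
                $msgs = Get-Content -LiteralPath $msgFile -Raw -Encoding UTF8 -ErrorAction Stop | ConvertFrom-Json
                if ($msgs.$key.message) { $name = $msgs.$key.message }
            } catch { }   # keep the placeholder if the locale file is missing or invalid
        }
        # Collect API permissions, MV3 host permissions and content-script match patterns.
        $perms = @($m.permissions) + @($m.host_permissions) + @($m.content_scripts.matches) |
            Where-Object { $_ -is [string] } | Sort-Object -Unique
        [pscustomobject]@{
            Profile     = $idDir.Parent.Parent.Name
            Id          = $idDir.Name
            Name        = $name
            Version     = $m.version
            AllSites    = [bool]($perms | Where-Object { $broad -contains $_ })
            Permissions = $perms -join ', '
            Path        = $versionDir.FullName
        }
    }
}
Get-ChromeExtensionInventory | Sort-Object AllSites -Descending |
    Format-Table Profile, Id, Name, Version, AllSites -AutoSize
```

Run it elevated to read other users' profiles; the `Id` column holds the 32-character extension ID to look up when reviewing an extension, and `AllSites` marks extensions that can read every page the user visits.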

If you think this method of continual updates is intimidating, you're not alone. Thankfully, Apozy lets you know what extensions are running, by everyone, everywhere inside your business, automatically. By using the Apozy extension to cross-audit all running extensions, you can create reports across all employees to show you exactly what’s been installed. The Apozy dashboard allows you to generate these reports across your entire organization or drill in individually. This visibility provides insight into potential malware threats, data loss, as well as policy and compliance violations.

Once you identify extensions you want to block, you can use the one-click fix to disable the add-on and ensure your data stays safe and malware is neutered. This control can be applied to any individual or group, allowing you specific control across your organization.

Chrome extensions can make your life easier, but they can also destroy the integrity of a strong data protection policy and cause massive damage if left unchecked.

The awesome image used in this article is called Hacker Floor and was created by Juan Casini.