Internet users should exercise caution while installing Google Chrome extensions as the firm has removed over 100 malicious links as soon as they were discovered amassing”sensitive” user information, country’s cyber-security bureau said on Wednesday.
The Indian Computer Emergency Response Team of India (CERT-In), the federal technology arm to fight cyber-attacks and safeguard Indian cyberspace, said it has also been discovered that these extensions contained code to skip Google Chrome’s Web store safety scans. The malicious extensions had the capability to take screenshots, read the clipboard, crop authentication cookies or grab user keystrokes to browse passwords and other private information, it said.
“It’s been reported that Google has eliminated 106 extensions of their Google Chrome browser in the Chrome Internet Shop that were found amassing sensitive user data,” the bureau stated in the advisory.
“All these extensions, reportedly introduced as tools to improve online searches, convert files between different formats as safety scanners and much more,” it added.
The national cyber-security service proposed users to uninstall Google Chrome extensions with IDs offered in the IOCs (organisational chart) section.
Users can go to the Chrome extensions webpage and subsequently enable developer mode to find out whether they’ve installed some of their malicious extensions then remove them from their browsers, it said.
The bureau advised Internet users to install extensions which are absolutely required and refer user testimonials before doing so.
They should uninstall extensions that aren’t being used, it stated, adding that users should not install extensions from unverified sources.