Leave a comment

Security alert: 2,000 browser extensions vulnerable to malware attacks

Security alert: 2,000 browser extensions vulnerable to malware attacks
PHOTO COURTESY OF THREAT POST

Which Web browser do you use? A lot of you are using Internet Explorer, Google Chrome, or even the new Microsoft Edge. There's also a good chance you're using Mozilla Firefox. Tens of millions of people use it to search the Web. Even if it's not your everyday, go-to browser, you might occasionally use it for its best features.

It's fast, secure and for a lot of people, it has the best browser extensions. As it turns out, though, it also has 2,000 or more security holes that can lead to your Windows PC or Mac being infected with malware. Worse, the malware lets hackers take over your PC or Mac.

The problem involves those extensions (or add-ons or plug-ins), which let you customize your Internet experience. For example, you might have an add-on like PepFeed, which alerts you if you're shopping and it finds better deals on other sites.

The way the malware gets into Firefox extensions is uncomfortably simple. A hacker creates an extension that looks like it'll be used for a good purpose.

Then it slips right past Mozilla's vetting process, according to researchers at Northeastern University. Or, some extensions are created using an old platform. The bogus extension then infects legitimate extensions with the malware. The findings were recently presented at the Black Hat Asia conference.

There's some good news here. Firefox is aware of the problem and will start implementing a fix. "The method described relies on a popular add-on that is vulnerable to be installed, and then for the add-on that takes advantage of that vulnerability to also be installed," a Firefox representative said. Firefox said it will soon start sandboxing Firefox extensions, meaning the extensions won't be able to share code.

Next Story
Source: Threat Post
Top Story: Your cellphone company has a new way to rip you off
Previous Happening Now

Top Story: Your cellphone company has a new way to rip you off

Popular routers plagued by security problems - is yours on the list?
Next Happening Now

Popular routers plagued by security problems - is yours on the list?

View Comments ()