
Cornell Researchers Question Chrome Extension Vulnerabilities

Chrome Security team defends verification process.


Google Chrome extensions that are known to feature vulnerabilities are still available in the Web Store two years after disclosure.

A recently published research paper by security specialists at Cornell University found clusters of extensions sharing a similar code base, often cut and pasted from public repositories and forums, including code from vulnerable JavaScript libraries, reports Computing.

This means that some extensions may feature vulnerabilities which are still present two years after disclosure.

In a blog post, Chrome Security Team members said that before an extension becomes available to install from the Chrome Web Store, it goes through two levels of verification to ensure it is safe, and depending on the results of both the automated and manual review, “we may perform an even deeper and more thorough review of the code.”

“This review process weeds out the overwhelming majority of bad extensions before they even get published,” the team said. “In 2024, less than one per cent of all installs from the Chrome Web Store were found to include malware. We're proud of this record and yet some bad extensions still get through, which is why we also monitor published extensions.”


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
