Got Malicious Chrome Extensions?

Category: Browsers , Security

Your web browser is your first line of defense against all manner of cyber attacks. But some disturbing reports of malicious Chrome extensions that resist most manual removal efforts have led me to wonder just how good Google is at keeping malicious extensions out of the Play Store, and how committed Google is to doing so. Read on for the scoop…

Is Google Doing All It Can To Protect Against Malicious Chrome Extensions?

Google puts a lot of effort into making the Chrome browser safe and secure. But when third-party extensions are added, your level of security may drop to zero. Browser extensions have nearly full access to the web pages you visit, so in addition to spying on your activity, a malicious extension can steal passwords, user your computer to mine cryptocurrency, and make you an unwitting participant in click fraud schemes.

The recent discovery of a uniquely stubborn rogue extension quickly led to revelations of others, and to the company’s alarming admission that over a thousand malicious apps are uploaded to the Play Store every single month. Equally disturbing is Google’s apparently lackadaisical response to the first extension; after being notified of its presence, Google took 19 days to remove it from the Play Store!

A company spokesperson stated that this extension and another user-resistant malicious app were “automatically removed… from the machines of affected users.” Now, “automatic” implies “fast,” but these removals did not happen until hours after Ars Technica published a post about them and the weeks-long delay in getting attention paid to the first one!

Malicious chrome extensions

The malicious apps in question were “Tiempo en colombia en vivo” (Weather in Columbia Live), a Chrome extension, and “Play Red Bull version 4,” ostensibly a children’s game that runs in Chrome. They are both gone, but the way they were handled has left a sour taste in many mouths.

James Oppenheim, who reviews children's games professionally, is one of those whose lips are twisted bitterly. The rogue “game” contained a logo that named his site,, as the official home of the malware! James notes that he has never written an extension; he reviews games, he does not create them.

“It appears that whoever published it knows enough about what I do reviewing kid's software to think that my name would help make the malware more trustworthy,” Oppenheim told Ars.

Adding insult to that injury, he says that a week after he reported the offending app via the “REPORT ABUSE” button on its Play Store page, he had absolutely no response from Google and the malware remained available… and aimed at children, mind you!

You can protect yourself by installing only browser extensions to those that are well-established, with many thousands of positive reviews, and preferably millions of existing users. The Chrome Web Store displays star ratings, and the number of user reviews on the category pages. When you click to see the details of an extension, you can see how many users have installed it, and read the reviews.

The “game’s” page said it had 27,781 users at the time Oppenheim investigated it. Many of them posted warnings that the thing was malware. “Makes me wonder how seriously Google is taking this problem,” he said in his email to Ars Technica’s Security Editor, Dan Goodin.

Fumbling the Ball

I wonder too. Google’s spokesperson didn’t even get the word “Ball” right in the response that Goodin finally received, substituting “Bull.” Funny, that’s exactly what I think is Google’s response to this security failure! There’s a lot more to this story as told by Oppenheim and Goodin, but I think we have the gist: Google didn’t just fumble the ball, it was disgracefully late to the game.

I mentioned earlier that 1000+ malicious apps are uploaded to the Play Store every month, and the great majority of those are automatically flagged and removed. So it's not fair to say that Google isn't trying to protect their users. But you can only do so much with automation. When you're dealing with numbers of users in the tens or hundreds of millions, a success rate of 99.9% is not nearly good enough.

I get it: Google Chrome is the world’s most-used browser by several country miles; it’s the first and often only target of every hacker. But Google knows that, and Google has plenty of money to throw at problems like this. If they don't have enough people to handle problems like this, I refer you to the previous sentence. When problems are pro-actively reported by real humans who are saying "Hey, this is malware!" they should be acted on swiftly.

This sort of failure to protect, and delay in remediation, and defense of indefensible obtuseness, is simply unacceptable. Google, you must do better here. Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 30 Nov 2018

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 28 November 2018

The Top Twenty
Next Article:
[HOWTO] Fix the Chrome Update Bug

Most recent comments on "Got Malicious Chrome Extensions?"

Posted by:

30 Nov 2018

never had any bad ext...but then always delete google chrome!!!

Posted by:

Kim Ludwig
30 Nov 2018

I use Spy Hunter to protect my computer. It is the best protection I have found. It finds so much more hidden malware and viruses than any of the other programs I have used. It is not free but I feel it is worth the cost.

Posted by:

Jay R
30 Nov 2018

I don't know why so many people go around hating on virtually everyone. Especially, when there are some that are so deserving. Google is certainly one. MS and FB are another couple. This Triple Threat is certainly sufficient to handle 99.94% of my hate. Thanx, Bob, for helping me realize that my fears are not unfounded.

Posted by:

30 Nov 2018

Becoming more and more disenchanted with Google Chrome. Problem is that it runs faster than any other browser I try, so guess I will just have to stay diligent.

Posted by:

30 Nov 2018

Yes!!! I wrote a comment just yesterday that the built-in Chrome security tool recommended on this site couldn't be found on Chrome on a Chromebook. I had stupidly put a weather extension from the Chrome web store on my Chrome browser. (Only on the Chromebook, luckily; not on my laptops.) After that, my mouse often wouldn't work correctly and tabs advertising various app downloads would appear. I blocked those particular tabs, but new ones appeared. I uninstalled the extension and those tabs stopped appearing, as of last night. So far, so good. Now I'm just crossing my fingers. (I can google the weather.)

Posted by:

30 Nov 2018

All the more reason to move to Firefox, Linux, & Lineage (without gapps). You will be far safer and more private.

Posted by:

Paul W Jr
30 Nov 2018

Google is disgusting. They prove over & over that they could care less about computer users. I recommend using SRWare Iron Browser which is a Chrome clone, but much better than Chrome imho. Also, Vivaldi is a great browser that is based on Chrome, but much better imho.

Posted by:

30 Nov 2018

I don't even have Chrome on my newest machine. I avoid Android anything like the plague it usually is. I run Malwarebytes pro which is outstanding and always on but still won't trust Chrome. Vivaldi and Firefox are my browsers and neither has ever let me down. Nothing I need Chrome for, nor want it. Google and it's "do no evil" motto has become the evil empire in my opinion, I don't use their search engine either and never will.

Posted by:

30 Nov 2018

Another very good reason to stay a long,long way from Google and all their crap,which I do.I will stick with the all fashion first come.Thank you.

Posted by:

top squirrel
30 Nov 2018

The James Damore incident told me all I need to know about Google.
The DuckDuckGo search engine does as well and won't result in your getting pelted with ads related to anything you search for.
But be careful: Many downloads have a box that has you asking to download Chrome and make it your default browser. Just uncheck it.
Try to remember chrome is just plating; it's just skin deep. Not even that, really.
And its logo has an eye smack in the middle.
All the better to watch what you're doing, my dear!

Posted by:

Ed Beck
30 Nov 2018

I had so much trouble with spyware taking over my Chrome extensions that I finally just deleted Chrome again and went back to using my microsoft account, edge, as my private browser.
I guess I need to get a good anti spyware as Webroot and Total AV diden't get it.

Thanks Bob for this confirmation article.

Posted by:

Marj Watts
30 Nov 2018

I added the recommended weather app to my LG phone a few days ago. By the second day, I noticed my phone was using up my battery very quickly, even when idle. It's been known to retain 100% overnight, and suddenly it was down to 2% by morning! As soon as I disabled the weather app, my phone was back to using power very slowly.

Posted by:

30 Nov 2018

To be safe, I do not install ANY browser extensions. I avoid having any acct. at any app stores. In fact, I avoid using my real name in connection with my computer, it's browsers, operating systems etc. A friend said they hate using chrome because of all these persistent
(un-removeable) extensions. I said: Chrome is great, just avoid downloading any apps (including windows apps from MS store).

Posted by:

30 Nov 2018

Cognizant about various negative reports and being averse to opening myself up to get screwed, I have veered away from Google as much as feasible and avoid using their products. Bearing this in mind, I have deleted Chrome from my system entirely.

Posted by:

top squirrel
01 Dec 2018

Just curious: when you uninstalled Chrome did you get a screen that begged you to reconsider and asked you something like "what, oh what did we do to deserve this?"
I downloaded and installed Chrome when it first came out but when I couldn't find the information I needed to set it up the way I like, I gave up and started to uninstall it. That's when I ran into that Boo-Hoo screen.
I'm just curious if people now uninstalling Chrome run into something similar.

Posted by:

01 Dec 2018

I've been using Chrome - and having problems with W7 home - maybe connected - no spyware AFAIK hae SAS Pro and run free Malabytes plus Spyware Blaster. I always had FF but when they went to Quantum and started to deny programs I liked - (shades of W10)
So will try SRA Iron Browser - don't like Vivaldi and most others to date. Chrome is fast but I do worry re security - I use Avast safe browser for banking etc.

Posted by:

Tom West
01 Dec 2018

Who would trust Google?

Posted by:

02 Dec 2018

When I found out the Google search engine kept my searches for 6 months, I decided to use other search engines and most recently found DuckDuckGo which does not track my searches. Because I didn't like what Google was doing I never installed Google Chrome. Well that is not quite true because on several occasion when I was not as careful as I should have been when I installed other software, particularly antivirus, I did not uncheck the boxes that also installed Google. But I uninstalled it immediately without ever using it. I don't use any of the main browsers Internet Explorer, Google Chrome, FireFox, and Safarie, and it is my guess that Opera is in-between those and the lesser know ones that I use. My Credit union insisted that I use one of the first 3 listed above and I would have left that bank except that my mortgage is also with them. But I discovered that one of my lesser known browsers (BlueMoon) was accepted. SeaMonkey which is a mozilla offshoot is my main browser. Yahoo Email stopped accepting this but I can use BlueMoon. On my task bar I have the following browsers: SeaMonkey, Opera, Slimbrowser, SlimJet, and BlueMoon. The last 2 seem to be the fastest. I generally try to take the Road Less Traveled and still have the book by that name.

Posted by:

Debra Morse
02 Dec 2018

So sick of getting ALERT messages from google due to people trying to hack into the "temporary" email account google set up for everyone at the University where I work when it switched from the old mail program to google mail. Supposedly this was to give everyone time to get anything necessary worked out through the old mail program while also having to gmail. When the switch was made permanent and the old program shut down, instead of google shutting down the "temporary" accounts in favor of the permanent ones, they kept the temporary ones! Now they want me to "login" to the temporary account to check on the activity!!! I have no idea what the old password was as we are required to change passwords every 90 days here so I can't login even if I wanted to. There is nothing in the temporary account that I remember BUT what is so frustrating is that I CANNOT get in contact with anyone at Google to have them just delete the fricking temporary account! The university is no help as they say they can't do anything about it either!! EXTREMELY unhappy with Google!!!

Posted by:

Bob Slade
08 Dec 2018

I recently had another computer repaired which
had windows 8 now put on win 10 with
windows 10 defender
seems not to work with my pc matic which I have on
it also with they work together or should I
remove windows 10 defender?

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Got Malicious Chrome Extensions? (Posted: 30 Nov 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved