Security alert: Google sounds the death knell for harmful Chrome extensions

In 2015, a security research team at Google's AI lab identified that nearly 10% (9,523) of all Google Chrome extensions were malicious. Criminals were abusing the Google Chrome Web Store as a way to distribute harmful extensions (malware) and profit from our web traffic and usage data.

The team at Google got to work and built ‘WebEval’, a system they would then use to screen every extension submitted to the store. WebEval eliminated 50% of malware within 25 minutes of submission, but some malware slipped through the cracks. Over 50 million Google Chrome users remained infected.

How big is the problem?

As of May this year, Statcounter reports that 50.05% of Australians (probably you) use Google Chrome to browse the web (65.5% if you don’t include mobile phones and tablets).

[Figure: Web Browser Market Share, May 2018]

Needless to say, the problem is somewhat enormous and growing. In May 2017, Google Chrome’s market share in Australia was at 43.97%, up 1.74% from May 2016 (42.23%).

Why should I (businesses) care?

At work, best-practice IT security mandates controls that prevent us from installing software on our computers. This may seem somewhat autocratic, but when you consider that the number one security risk to your business is your people, it kind of makes sense.

But it gets tricky when it comes to browser extensions.

These often fly under the radar of security controls, which have no visibility into what’s installed inside the browser. So, whilst you may not be able to download and install Google Chrome, you can often install a Google Chrome extension.

And remember, 1 in 10 contain malware.
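One way to close the visibility gap described above is to inventory extensions straight from the Chrome profile on disk. The following is an added example, not code from Google or from the original article; it assumes Chrome's usual on-disk layout (`Extensions/<id>/<version>/manifest.json` inside the profile folder) and that Web Store installs carry the Web Store `update_url` in their manifest. The two sample extensions are constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumption: extensions installed from the Chrome Web Store carry this update_url.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory_extensions(profile_dir):
    """Return one record per extension version found under <profile>/Extensions."""
    records = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = path.parts[-3]  # .../Extensions/<id>/<version>/manifest.json
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None
        if not isinstance(manifest, dict):
            records.append({"id": ext_id, "error": "unreadable manifest"})
            continue
        # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
        perms = [p for key in ("permissions", "host_permissions")
                 for p in manifest.get(key, []) if isinstance(p, str)]
        for script in manifest.get("content_scripts", []):
            perms.extend(script.get("matches", []))
        records.append({
            "id": ext_id,
            "name": manifest.get("name", ""),
            "version": manifest.get("version", ""),
            "web_store": manifest.get("update_url") == WEB_STORE_UPDATE_URL,
            "all_sites": bool(BROAD & set(perms)),  # can read or change every page
        })
    return records

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions in a fake profile folder."""
    samples = {
        "a" * 32: {"name": "Sample Notes", "version": "1.0",
                   "permissions": ["storage"], "update_url": WEB_STORE_UPDATE_URL},
        "b" * 32: {"name": "Sample Toolbar", "version": "2.3",
                   "permissions": ["tabs", "<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for record in inventory_extensions(build_sample_profile(tmp)):
            print(record)
```

On a real machine, point `inventory_extensions` at each user's Chrome profile folder; records with `web_store` false or `all_sites` true are the ones worth reviewing first. Names in real manifests may appear as `__MSG_...__` localisation placeholders rather than readable text.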

Okay, so what is Google doing about it?

This week, Google announced it would be putting an end to Inline Installation. *crickets*

Inline Installation is a Google Chrome feature (with an enchanting and descriptive title) that makes it possible for people (like you) to install extensions via third-party websites rather than Google’s Web Store.

Whilst the elimination of Inline Installation won’t mean the end of the broader malware problem, it does mean that criminals will no longer be able to circumvent Google’s malware filtering process on the Web Store.

Any step toward a malware-free work environment – even one like this – is a step in the right direction and businesses everywhere should be kissing Google’s boots.

In fact, perhaps we all should because without Google Chrome we’d still be stuck with the dreamboat that is Internet Explorer.