Security researchers have uncovered how hackers are manipulating Google's search algorithms to push malicious Chrome extensions to the top of search results, exposing millions of users to potential threats.
New security and privacy analysis reveals how hackers are manipulating Google's search protections to expose hundreds of millions more users to malicious and potentially dangerous Chrome extensions. While phishing was used in attacks at the end of 2024 to replace genuine extensions with malicious duplicates, this is not the only tactic employed.
Hackers are stuffing extension descriptions with keywords in up to 55 different languages to manipulate Google search results and ensure their malicious extensions appear at the top, even when users search for unrelated products. This tactic takes advantage of the shared Chrome Web Store search index across languages. Hackers are also using various other methods, including slight variations in extension names and descriptions depending on the language, renaming themselves after competitors, and including extensive, often nonsensical, text descriptions with hidden keywords. Security researcher, Palant, recommends that Google address this issue by enforcing existing rules and potentially making the Chrome Web Store search index language-specific to remove the incentive for manipulation
SECURITY GOOGLE SEARCH MALICIOUS EXTENSIONS CHROME WEB STORE CYBER THREATS
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Hackers hijacked legitimate Chrome extensions to try to steal dataCybersecurity startup Cyberhaven’s Chrome extension was hijacked to steal cookies and authentication data with a hacked update uploaded on Christmas Day.
Read more »
Hackers Target Chrome Extensions for Data Theft During ChristmasCybercriminals exploited vulnerabilities in popular Chrome extensions to steal user data during the Christmas holiday season. The attack involved hijacking legitimate extensions and injecting malicious code, compromising sensitive information.
Read more »
Update Chrome Now—Google Warns Of 2 New High-Risk VulnerabilitiesTwo new high-severity Chrome browser security vulnerabilities have been confirmed by Google—ensure you update and activate the new protections now.
Read more »
Google Unveils Gemini 2.0 AI Despite Antitrust BattleGemini 2.0 will integrate into free Google products like Chrome, YouTube, and Maps starting next year.
Read more »
Google’s New Security Warning For Android Chrome Users—What To Do NowGoogle is rolling out a new Chrome security warning for Android users—here’s what you need to know.
Read more »
New Chrome, Safari, Edge Shopping Warning—Never Google This WordBeware—the best search term is actually the worst. Here’s what you need to know.
Read more »