New Google Chrome Attacks Bypass More Than Just 2FA—Millions At Risk – Forbes
Hackers are bypassing Google search protections to push malicious Chrome extensions.Update, Jan. 10, 2025: This story, originally published Jan. 9, now includes a statement from Google.I recently reported how millions of Google Chrome users were being put at risk by dozens of fake browser extensions as part of an attack that replaced the genuine ones in order to bypass 2FA protections. If you thought that things couldn’t get much worse, you’d be wrong: new security and privacy analysis has revealed how hackers are manipulating Google’s search protections to expose hundreds of millions more users to malicious and potentially dangerous extensions. Here’s what you need to know.Although the wave of attacks towards the end of 2024 that replaced genuine Google Chrome web browser extensions with malicious duplicates capable of bypassing account 2FA protections used phishing methodology to gain access to the developer accounts required to pull off the switch, phishing is not the only tactic that is being employed by dodgy extension threat actors.As first reported by Dan Goodin at Ars Technica, security and privacy researcher Wladimir Palant has undertaken a deep-dive technical analysis of how Google’s search protections are being manipulated by hackers to ensure their potentially dangerous and definitely dodgy Chrome extensions are pushed to the top of the search results even when users are searching for a genuine and unrelated product.“Apparently, some extension authors figured out that the Chrome Web Store search index is shared across all languages,” Palant said, and to avoid being flagged as spam by adding the names of other products to the extension description, hackers are stuffing descriptions with the keywords they want to exploit, in as many as 55 different languages. This means, dear reader, that the extension then “starts showing up for these keywords even when they are entered in the English version of the Chrome Web Store.”Palant found all the extensions, and go read the report to see the shockingly extensive list of these that was uncovered, used the translation technique to manipulate Google search results, this wasn’t the only trick in the Chrome extension hacking magic box. Most extensions combined a number of different approaches in a pick-and-mix attack methodology.Here are the techniques that Palant spotted the most:Palant recommended that Google itself pushes back against the manipulation methods in the analysis by employing existing rules in the Chrome Web Store abuse policy. “There is also a possible technical solution here,” Palant said, “by making Chrome Web Store search index per language, Google could remove the incentives for this kind of manipulation. If search results for Bengali no longer show up in English-language searches, there is no point messing up the Bengali translation anymore.”I reached out to Google for a statement regarding the manipulation of Chrome extensions within search results, and a spokesperson said: “We’re aware of the research and are taking appropriate action.”One Community. Many Voices. Create a free account to share your thoughts. Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.Your post will be rejected if we notice that it seems to contain:User accounts will be blocked if we notice or believe that users are engaged in:So, how can you be a power user?Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
