Duo Security says IT admins should not be too concerned as there is a tool available to see which extensions are affected. Called CRXcavator (CHrome eXtension excavator), the tool was used by Duo to see which extensions should be whitelisted or not. It is a beta solution that allows admins to take a granular approach to extension security in Chrome. There are 180,000 extensions available in the Web Store and many of them are extremely useful to organizations. However, developers are seemingly not taking security seriously, as Duo discovered. “This allows organizations to know exactly what extensions are being used, who is using them and how much risk is brought to the organization by their users’ extensions,” notes Duo Security. Through January, the company used CRXcavator to monitor 120,463 extensions on the browser. The results are startling, showing 38,289 extensions used third-party software libraries that are known to have security vulnerabilities. Furthermore, almost 85% (102,029) did not have a published privacy policy and 93,080 had not related support website.

Adware

Just this week, we reported on a situation where Chrome extensions are loaded with adware. Security firm Kaspersky Lab reports Chrome extension developers are now using ads. Again, most users may be willing to accept ads for a free service, but Kaspersky says many developers are aggressively placing ads and creating extensions loaded with adware. If you are unfamiliar with the term adware, it basically means when an app or website bombards the user with ads.

Google Chrome Extensions Found to Be Vulnerable and Unfit for Business - 9Google Chrome Extensions Found to Be Vulnerable and Unfit for Business - 94Google Chrome Extensions Found to Be Vulnerable and Unfit for Business - 61Google Chrome Extensions Found to Be Vulnerable and Unfit for Business - 85Google Chrome Extensions Found to Be Vulnerable and Unfit for Business - 95