While some Google Chrome extensions can be life-changing, others turn out to be the exact opposite. More than 500 malicious extensions were removed a few months ago, and Google recently removed 70 others which had been infiltrated by spyware.
32 million downloads
IT security specialists from Awake Security recently alerted Google to the existence of spyware collecting user data via certain extensions. Ironically, most of these plugins were designed to protect the security of their users' data...
In reality, these extensions were collecting their data: browser history, passwords, etc., and these extensions were downloaded more than 32 million times! Following this alert, Google immediately removed the 70 extensions in question:
When we were alerted to extensions in our web store that violated our policy, we took action and used these incidents as training material to improve our automated and manual analyses.
However, the American company did not provide any details regarding the extensions concerned, nor has Google released any information regarding the possible consequences of this kind of piracy. Google Chrome, which has 2 billion users (60% of the market), regularly falls victim to this kind of phishing, just like its competitors. But these companies communicate little information about the real consequences of such vulnerabilities.
To avoid these kinds of inconveniences, always remember to read the small print before downloading a new extension, and regularly remove obsolete ones.