Google doesn't let you install third-party extensions for security reasons

Sep 11, 2014 13:41 GMT  ·  By

Google has been trying to get some more control over the apps that get installed on Chrome because of all the security issues that result from people installing various extensions that haven’t been vetted by Google.

The company has made it mandatory for apps and extensions getting installed on Chrome to also be in the Chrome Web Store. This means that you can download them just fine from various sites, but they’ll work only if they’re also in the Store. Google claims that this is a method for it to police the whole process and keep out malicious apps.

Things are far from perfect, however. TrendMicro reports that yet another malicious browser extension has made its way in the Web Store and it’s not a singular event.

It seems that it all starts on Facebook, where a click-bait post tries to get your attention to a video related to drunk girls. Once the link is clicked, the individual is redirected to a site that replicates YouTube, but where the video doesn’t actually work.

In order to get the video to work, you’re prompted to install a Chrome extension, which would obviously be unnecessary if you were on the actual YouTube site.

Clicking on the notification that pops up will take you to the Chrome Web Store and invites you to download the malicious extension. After the installation, the user is transported to the actual YouTube page where they can watch the much-desired video.

The extension then makes Facebook posts and comments in your place, but it can also send messages and links via the Facebook chat. This helps with the spreading of the extension.

Thousands of downloads for malicious apps

TrendMicro reports that the author of the extension has hired a virtual private server over in Russia where he registered several domains. The majority of the users who accessed the dangerous sites were from Brazil, but there were also people from the UK, the United States and Argentina.

This isn’t the first malicious extension that has made it past Google’s watchdogs, and it’s not alone in the store. Most of those that appear to be malicious have only been in the Store for a short time period. Unfortunately, however, they’re getting a lot of downloads, with a few thousands each.

If Google really wants to make Chrome safe and deny people the option of installing absolutely any extension they want from third parties, they should at least pump up the security and test everything.