Home / TECHNOLOGY / Malicious Chrome prolongation is next to unfit to manually remove

Malicious Chrome prolongation is next to unfit to manually remove

Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s many secure browser, a researcher has documented a antagonistic appendage that tricks users into installing it and then is scarcely unfit for many to manually uninstall. It was accessible for download on Google servers until Wednesday, 19 days after it was secretly reported to Google confidence officials, a researcher said.

Once installed, an app called “Tiempo en colombia en vivo” prevents users from accessing the list of commissioned Chrome extensions by redirecting requests to chrome://apps/?r=extensions instead of chrome://extensions/, the page that lists all commissioned extensions and provides an interface for temporarily disabling or uninstalling them. Malwarebytes researcher Pieter Arntz pronounced he experimented with a accumulation of hacks—including disabling JavaScript in the browser, starting Chrome with all extensions disabled, and renaming the folder where extensions are stored—none of them worked. Removing the prolongation valid so formidable that he eventually suggested users to run the free chronicle of Malwarebytes and let it automatically mislay the add-on.

When Arntz commissioned the prolongation on a test machine, Chrome casually clicked on dozens of YouTube videos, an denote that inflating the series of views was among the things it did. The researcher hasn’t ruled out the probability that the appendage did some-more antagonistic things given the volume of obfuscated JavaScript it contained done a extensive research too time consuming. The researcher supposing additional sum in a blog post published Thursday.

Tiempo en colombia en vivo racked up almost 11,000 installs before Google private it, but it may have found its way onto still some-more computers. That’s given a accumulation of violent websites are using a technique that tricks fresh users into installing the extension. As Malwarebytes explained in late 2016, the forced install pretence uses JavaScript to yield a dialog box that says visitors must install the prolongation before they can leave the page. Clicking cancel or shutting the appendage produces an constant series of variations on that message. Arntz pronounced he secretly reported the prolongation to Google on Dec 29 and that it remained accessible on the Chrome Store until Wednesday.


Arntz pronounced he found a Firefox prolongation that also resisted user attempts to uninstall it, but the retard was comparatively easy to bypass. The researcher has nonetheless to find any denote the appendage was accessible in the Firefox Extensions store.

Check Also

Twitter “bot” inform causes cheer from trollerati as supporter depends fall

reader comments 267 A series of “alt-right,” pro-Trump, and self-described regressive social media personalities awoke …

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>