Browser extension weaponization for malware delivery examined

Threat actors could easily exploit any browser extension to distribute illicit payloads, reports Cybernews.

LayerX researchers demonstrated the technique by installing the proof-of-concept "Totally Innocent Extension" in Google Chrome and then downloading Spotify from the music streaming app's official website in another tab. The extension allowed the covert alteration of files downloaded from any site, which could facilitate persistence, lateral movement, data theft, and complete device compromise.

"Without breaking the original application, without triggering warnings, and without requiring any additional permissions, the extension appends attacker-controlled code to every downloaded executable. The original program still runs normally, and the user sees exactly what they expect. From there, it's game over," said LayerX researcher Iyar Segev.

While the researchers said the findings highlight gaps in browser extension security, Google and Mozilla did not acknowledge the issue, with the former noting that social engineering intrusions are outside the purview of its browser's threat model.
