Google has recently removed at least 106 Chrome extensions that were identified as a threat to user privacy after being caught collecting sensitive user data. Cybersecurity firm Awake Security had identified 111 Chrome extensions and alerted Google about the same and out of these 111 extensions, Google took down 106.
In order to alert internet users about this, the Indian Computer Emergency Response Team (CERT-In) has issued an advisory. “These extensions reportedly posed as tools to improve web searches, convert files between different formats, as security scanners, and more. It has also been found that these extensions contained code to bypass Google's Chrome Web Store security scans. They had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information,” said CERT-In in its advisory.
CERT-In further recommended that people should delete these Google Chrome extensions immediately. “Uninstall extensions with IDs given in the IOCs section (List can be found on CERT-In website. Users can visit the chrome://extensions page, then enable Developer Mode and see if they installed any of the malicious extensions and remove them from their browsers. Users of Google Chrome browser are advised to exercise caution while installing browser extensions. Install only extensions which are absolutely needed and refer User reviews before installing extensions. Uninstall extensions which are not in use. Do not install extensions from unverified sources,” it said.
CERT-In recently issued an advisory warning citizens about a new email fraud. As per the advisory, scammers are trying to blackmail users and forcing them to pay money by threatening to leak their personal photos and sensitive information.As per the CERT-In advisory, although the listed passwords, shown as evidence may be actual passwords that you used in the past, the attacker does not know them by hacking your account, but rather through leaked data breaches shared online.