
SquareX Demonstrates Malicious Extensions Evading Google’s MV3 Restrictions


Singapore, Singapore, October 3rd, 2024, CyberNewsWire

At the recent DEF CON 32 conference, the SquareX research team took center stage with their presentation titled "Sneaky Extensions: The MV3 Escape Artists". This presentation shed light on how malicious browser extensions are exploiting vulnerabilities in Google’s latest standard for Chrome extensions, Manifest V3 (MV3), putting both individual users and businesses at risk.

During the presentation, SquareX’s research team showcased rogue extensions developed on the MV3 platform, highlighting alarming findings that have implications for millions of users worldwide. These findings include the ability of these rogue extensions to steal live video streams from platforms like Google Meet and Zoom Web without requiring special permissions. Additionally, the extensions can impersonate users to add collaborators to private GitHub repositories and redirect users to fake login pages disguised as password manager logins.

Moreover, the malicious extensions built on MV3 are capable of stealing sensitive data such as site cookies, browsing history, bookmarks, and download history, mirroring the functionality of extensions built on the older MV2 standard. They can also inject pop-ups into webpages, deceiving users into downloading malware through fake software update prompts.

The issue of malicious browser extensions is not new, with a report from Stanford University estimating that a staggering 280 million malicious Chrome extensions have been installed in recent years. Google has been grappling with this challenge, often relying on independent researchers to identify and report harmful extensions. In some instances, Google has had to manually remove malicious extensions like the 32 that were taken down in June of the previous year, after amassing 75 million installations.

The introduction of Manifest Version 3 (MV3) was meant to address the security gaps in the older MV2 standard by imposing stricter security controls and limiting extension permissions. However, SquareX’s research has revealed that MV3 still has vulnerabilities that can be exploited by attackers to carry out malicious activities, leaving both individual users and enterprises vulnerable.

One of the key shortcomings in current security solutions such as endpoint security, SASE/SSE, and Secure Web Gateways (SWG) is the lack of visibility into installed browser extensions. Enterprises currently lack the tools and platforms needed to dynamically assess the safety of browser extensions, leaving them exposed to potential threats.

In response to these challenges, SquareX has developed innovative features as part of their Browser Detection and Response solution to address these gaps effectively. These features include fine-grained policies that enable enterprises to allow or block specific extensions based on criteria such as permissions, creation date, user reviews, and ratings. Moreover, SquareX blocks network requests sent by extensions in real time based on predefined policies, heuristics, and machine learning insights.

Additionally, SquareX is experimenting with dynamic analysis of Chrome extensions using a modified Chromium browser on a cloud server, further enhancing their ability to detect and respond to malicious behavior. These solutions are already being deployed at medium to large enterprises, successfully thwarting attacks targeting browser extensions.

Vivek Ramachandran, Founder & CEO of SquareX, emphasized the growing risks associated with malicious browser extensions, noting that they pose a significant blind spot for traditional security solutions like EDR/XDR and SWGs. Ramachandran highlighted the importance of dynamic analysis and stringent policies in identifying and blocking these threats effectively, pointing out the limitations of Google’s MV3 standard in this regard.

SquareX’s mission is to provide organizations with cutting-edge cybersecurity solutions to detect, mitigate, and respond to client-side web attacks in real time. Their Browser Detection and Response (BDR) solution offers a proactive approach to browser security, protecting enterprise users against a wide range of advanced threats, including malicious extensions, phishing attacks, and malware.

Enterprises can rely on SquareX to ensure secure access to internal applications and protect against the ever-evolving landscape of web-based threats. As the threat posed by malicious browser extensions continues to escalate, solutions like those offered by SquareX are crucial in maintaining a robust cybersecurity posture.

Contact
Head of PR
Junice Liew
SquareX
[email protected]
