Your company's ad could live here and reach over 50,000 people a month!

Share This Post

Google / Security

Duo Security Releases CRXcavator into Public Beta to Identify Dangerous Chrome Extensions

Duo Security Releases CRXcavator into Public Beta to Identify Dangerous Chrome Extensions
Subscribe
Voiced by Amazon Polly

According to Duo Security, a third of the extensions available for Google’s Chrome web browser have serious and potentially damaging security flaws. The company outlays the problem in a recent blog post: Democratizing Chrome Extension Security

Essentially, extension developers either are clueless when it comes to developing secure solutions, they are just lazy, or in some cases, could be delivering secret but devastating payloads on purpose.

Duo Security also uses the blog post to announce a beta product called CRXcavator. The online tool allows you to submit a Chrome extension ID so it can scan to and report its security status.

https://crxcavator.io/

With the recent announcement by Microsoft to begin utilizing Chromium for its own Edge browser – which will include Chrome extension support – the topic of extension security becomes even more important to address.

Even “official” Extensions shouldn’t be trusted. According to the CRXcavator tool, the Amazon Assistant Extension has its own minor, but potential problems.

How do you find the Extension ID?

In the Chrome Web Store, access an Extensions page and pull the ID from the URL…

Share This Post

Leave a Reply