back to article Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store

Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. The latest set of bad browser add-ons, identified by researchers from security shop MyCrypto and PhishFort, targeted cryptocurrency services and users in an effort …

  1. cb7

    Duh, why doesn't Google check the extensions before letting them into the store?

    Ditto the Android Play store.

    I'm not a huge Apple fan, but this is one thing Apple have done well.

    1. DrXym Silver badge

      Apple's review procedures remind me of the security gates at Disney World or Universal. At first glance the bag search appears to be there to stop people bringing weapons into the park which it legitimately might do on occasion. But their main purpose is to stop people bringing their own food or drink in and depriving the park of revenue. Same for Apple.

      Apple don't review the app's source code, it reviews the binary and subjects it to a test. If it passes the test it is accepted. Given that an app could be hundreds of thousands of lines of code it would be relatively trivial to hide something that passes this test and still does something malicious in the future.

      Likewise with extensions. Anything malicious could be obfuscated. It would be better to monitor the behaviour of the extension in the wild, or a simulated wilderness and see what it does.

      1. Sandtitz Silver badge
        Meh

        app scanning

        "Apple don't review the app's source code, it reviews the binary and subjects it to a test."

        I agree with what you're saying - yet Apple seems to have way less malignant software in their app store. Google should have equal muscles to vet the binaries, dontcha think?

        Play Store seems to have way more cruft and crappy game clones than App Store, but does Apple actually have equal percentage of malware in total, and they just silently take out the garbage? IDK.

        1. Blackjack Silver badge

          Re: app scanning

          That's because Apple outright has less software for Iphones in their store that Google Play has in its store for Android phones.

          Is not that their review process is much better, is that they have a whole lot less of stuff to review.

  2. Peter Prof Fox

    Just a naive idea

    Surely apps should have a limited set of domains they can talk to, set up in some manifest. Then if they happen to whisper secrets elsewhere there's an immediate gatekeeper violation.

    1. Sandtitz Silver badge

      Re: Just a naive idea

      "Surely apps should have a limited set of domains they can talk to, set up in some manifest."

      How would that help?

      The anonymous perps would just use meaningless domain names or S3 buckets for data transfer - listed in the manifest.

  3. Anonymous Coward
    Anonymous Coward

    Security apps

    I hope they triple double check the super tracking apps they are making for virus monitoring. That is going to have a huge amount of data thieves would love to access. Almost like they are enabling,,,, well "what good is a hero if you don't have villains'". ohhh that could be googs new motto, at least for the play store.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021