Over 30 malicious extensions have been discovered in the Chrome web store, potentially impacting millions of users. The initial warning came from security researcher Wladimir Palant, who found the PDF Toolbox extension contained a hidden code allowing third-party websites to insert JavaScript code into any sites the user accessed. A subsequent discovery revealed two more variants of this code and a total of 34 extensions housing it in the Chrome web store. The extensions, with a combined user base of roughly 87 million, included popular ones like Autoskip for Youtube, Soundboost, Crystal Ad block, and Brisk VPN. Although most extensions had over a million downloads each, it is suspected that these figures could have been artificially amplified. Cybersecurity firm Avast noted that the number of reviews for these extensions was suspiciously low given the install numbers. Alarmingly, Avast identified another 50 extensions containing the same hidden code. The malicious code seemed to be purposed for displaying unwanted ads and altering search results to show sponsored links, with the full scope of the attack still under investigation.
Source: www.securityweek.com
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.