"Browser extensions are a blind spot for EDR/XDR, and SWGs have no way to infer their presence": Google Chrome's new Manifest V3 framework, touted as private and secure, might be a breeding ground for phishing scams

What you need to know

  • Google recently transitioned Google Chrome’s extension support from the Manifest V2 framework to V3.
  • The company indicated the Manifest V3 framework provides better privacy and security for users.
  • New research shows malicious browser extensions can bypass the new framework’s security measures, leaving users susceptible to phishing scams.

As a seasoned cybersecurity analyst with over two decades of experience under my belt, I have seen the digital landscape evolve and, unfortunately, become increasingly treacherous. The latest development involving Google Chrome’s transition from Manifest V2 to V3 has left me with a mix of intrigue and concern.


Regular improvements are crucial for a smooth and enjoyable web browsing experience. Google has changed the way Google Chrome supports extensions, moving from the Manifest V2 framework to the Manifest V3 framework.

The shift affected numerous browser extensions, such as uBlock Origin, and might expose approximately 30 million Chrome users to annoying ads. Google attributed the change to security and privacy issues with Manifest V2. As stated by Google, Manifest V2 “poses security threats by allowing untested code to be run within extensions.”

As a devoted user, I was thrilled when Google introduced Manifest V3 as a more secure and reliable option for browser extensions because it limits execution of JavaScript only within the extension’s package. However, recent findings by SquareX have raised concerns that some extensions might still find ways to bypass the security measures in Manifest V3 (as reported by TechRadar Pro). This loophole could potentially expose users to risks, allowing malicious actors to gain access to personal and sensitive information.

Based on their study results, it appears that harmful browser add-ons can circumvent the security of the Manifest V3 system, thereby gaining unauthorized access to active video streams, such as those from Google Meet and Zoom Web. The company has previously encountered similar problems with the Manifest V2 framework, which could have contributed to the shift towards V3.

It’s said that harmful browser add-ons permit malicious individuals to secretly invite unwanted contributors to personal GitHub projects without permission. Additionally, these extensions can potentially trick innocent users into falling for phishing attacks disguised as secure password managers. By doing so, they can gain access to your browsing history, download records, cookies, bookmarks, and much more.

It’s important to note that security systems such as Secure Access Service Edge (SASE) or endpoint protection don’t evaluate browser extensions. This means users could potentially face security threats. Fortunately, researchers have proposed some strategies to address these vulnerabilities. One approach involves refining policies so administrators can regulate extension access based on factors like reviews, ratings, the permissions requested by an extension, and its update history.
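The policy factors listed above (permissions requested, ratings, reviews, update history) can be combined into a simple admission check over each extension's manifest. The following is an added example, not code from SquareX or Google; the thresholds, the `listing` field names and the sample extensions are assumptions, while the permission strings and manifest keys are Chrome's own.

```python
# Added example: thresholds, `listing` field names and sample data are assumptions;
# the permission strings and manifest keys are Chrome's own.
SENSITIVE = {"cookies", "history", "downloads", "bookmarks",  # data named in the article
             "tabCapture", "desktopCapture"}                  # live audio/video capture
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def evaluate_extension(manifest, listing, min_rating=4.0, min_reviews=100):
    """Return (decision, reasons); decision is 'allow', 'review' or 'block'."""
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("optional_permissions", []))
    # Manifest V3 lists host patterns separately; V2 mixed them into "permissions".
    hosts = set(manifest.get("host_permissions", [])) | requested
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))

    sensitive = sorted(requested & SENSITIVE)
    broad = sorted(hosts & BROAD_HOSTS)
    reasons = [f"requests sensitive permission {p}" for p in sensitive]
    reasons += [f"can run on every site via {h}" for h in broad]

    if listing.get("rating", 0.0) < min_rating:
        reasons.append(f"store rating below {min_rating}")
    if listing.get("review_count", 0) < min_reviews:
        reasons.append(f"fewer than {min_reviews} reviews")
    # Update history: a release that adds sensitive access needs a fresh look.
    added = set(listing.get("permissions_added_last_update", []))
    grew = sorted(added & SENSITIVE)
    reasons += [f"last update added {p}" for p in grew]

    if (sensitive and broad) or grew:
        return "block", reasons
    return ("review" if reasons else "allow"), reasons

# Constructed sample inventory (not real extensions).
SAMPLES = {
    "note-taker": ({"manifest_version": 3, "permissions": ["storage"]},
                   {"rating": 4.6, "review_count": 2500}),
    "meeting-helper": ({"manifest_version": 3, "permissions": ["tabCapture", "cookies"],
                        "host_permissions": ["<all_urls>"]},
                       {"rating": 4.8, "review_count": 900}),
    "new-tab-theme": ({"manifest_version": 3, "permissions": ["bookmarks"]},
                      {"rating": 3.1, "review_count": 12}),
}

if __name__ == "__main__":
    for name, (manifest, listing) in SAMPLES.items():
        decision, reasons = evaluate_extension(manifest, listing)
        print(f"{name}: {decision}", *reasons, sep="\n  - ")
```

A high store rating alone does not clear the constructed "meeting-helper" entry: sensitive permissions combined with all-site host access are blocked regardless of reviews.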

According to SquareX Founder & CEO Vivek Ramachandran:

EDR/XDR systems struggle to detect browser extensions, and Security Web Gateways can’t discern their presence. This vulnerability has allowed attackers to surreptitiously install these extensions for monitoring enterprise users. They are using this method to eavesdrop on web calls, act as the user to grant permissions to external parties, steal cookies and other website data, among other malicious activities.

According to SquareX, their solution is designed to halt network requests from browser extensions instantaneously, using a combination of predefined policies, intelligent machine learning predictions, and analytical techniques.

2024-11-11 21:39