Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then is nearly impossible for most to manually uninstall.
It was available for download on Google servers until Wednesday, 19 days after it was privately reported to Google security officials, a researcher said.
When Arntz installed the extension on a test machine, Chrome spontaneously clicked on dozens of YouTube videos, an indication that inflating the number of views was among the things it did.
The researcher provided additional details in a blog post published Thursday.
Read 9 remaining paragraphs