recommended reading

Google Chrome’s Little Helpers Are Offering Hackers a Backdoor to Hijack Your Web Browsing

Mark Lennihan/AP

Extensions are useful little programs written by independent developers to customize your browser experience, whether its by blocking advertisements,aggregating your newsfeed, or keeping you on task. But they may also offer a way for malicious coders to get past Google Chrome’s notoriously tight security to harness your online activity for personal profit, or perform other acts of  mayhem.

In December, Google’s developer community noticed that an extension called Window Minimizer was hijacking people’s searches to earn money for a third-party search engine. The extension—a productivity shortcut for other web developers—was written by someone calling himself Ionut Botizan, who had it reroute links from Google search to a third party search engine called Ecosia, allegedly to save the rainforest (Right…). Botizan’s little trick is an variation on clickjacking, which momentarily shunts web users to a third-party site to artificially boost traffic or generate ad revenue.

Extensions run alongside Chrome, not within it, so the security onus is supposed to be on developers, who have to abide by Google’s Developer Program Policies, and on users, who must agree to each extension’s Terms of Service. Ostensibly, this frees both Google and the developer from liability. But in practice it means that Google has to play catch-up to police the thousands of Chrome extensions that are available.

On its own, Botizan’s hack was mostly harmless. But it’s worrying how easily he was able to fool other developers, the very people who should know better. For those of us who may not be so well-informed, it’s sobering to think what a truly malicious extension could do.

Threatwatch Alert

Network intrusion

FBI Warns Doctors, Dentists Their FTP Servers Are Targets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.