
Google Chrome 2FA Bypass Attacks Confirmed – Millions of Users at Risk
In a recent announcement, the Chrome security team confirmed that some Google Chrome extensions have been found to contain malicious code, which can bypass two-factor authentication (2FA) and put millions of users at risk.
To ensure the safety of its users, Google has implemented a warning panel that displays information about suspicious extensions. This panel warns users if an extension is suspected to be malicious, violates Chrome Web Store policies, or is no longer supported by the developer.
According to the Chrome security team, when you see this warning panel it is likely that you don’t have any dodgy extensions installed. The panel provides details on:
Extensions suspected of including malware.
Extensions that violate Chrome Web Store policies.
Extensions that are no longer supported by their developers.
Extensions that do not provide transparency about how they handle user data.
Extensions from outside the Chrome Web Store.
To further ensure security, Google recommends running a Chrome Safety Check by typing “run safety check” in the address bar and selecting “Go to Chrome safety check.” This automated process will notify you if any issues are found with your browser.
The Chrome security team has also shared its extension verification process. Before an extension is published in the Chrome Web Store, it undergoes a two-level review.
Firstly, Google’s AI-powered machine-learning systems analyze the extension for potential violations or suspicious behaviors. Then, a Chrome security team member reviews images, descriptions, and public policies attached to each extension.
If necessary, this manual review may be followed by an even more in-depth examination of the code. It has been reported that less than 1% of all installs from the Chrome Web Store have included malware.
The Chrome security team continually monitors published extensions, using both human and machine processes for review. This includes collaborating with external security researchers who receive bug bounties for reporting potential Chrome threats.
To avoid falling victim to malicious code, Google advises that users periodically inspect their installed extensions and enable enhanced protection mode through Safe Browsing, which provides the highest level of protection.
It is crucial for all Chrome users to be aware of these measures and take steps to protect themselves against potential security risks.
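For the periodic inspection of installed extensions recommended above, here is an added example (not from Google or the original article): a Python script that reads each installed extension's manifest.json and flags extensions whose update URL is not the Chrome Web Store's, as well as extensions that request access to every site. The flag names, the all-sites heuristic and the sample manifests are this example's own assumptions; it expects the usual profile layout of Extensions/<id>/<version>/manifest.json.

```python
import json
import sys
from pathlib import Path

# Update endpoint that Chrome Web Store packages carry in their manifest.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Match patterns granting access to every site (this example's own review heuristic).
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def review_manifest(manifest):
    """Return the review flags for one parsed manifest.json."""
    flags = []
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        flags.append("not-from-web-store")
    # Manifest V2 lists host patterns under permissions, V3 under host_permissions.
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    if ALL_SITES & {p for p in declared + scripts if isinstance(p, str)}:
        flags.append("all-sites-access")
    return flags

def review_profile(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and collect flags."""
    report = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report.append((path.parts[-3], "?", ["unreadable-manifest"]))
            continue
        report.append((path.parts[-3], manifest.get("name", "?"), review_manifest(manifest)))
    return report

# Constructed sample manifests (not real extensions), used when no path is given.
SAMPLES = {
    "store-ext": {"name": "Store sample", "manifest_version": 3,
                  "update_url": WEB_STORE_UPDATE_URL, "permissions": ["storage"]},
    "sideloaded-ext": {"name": "Sideloaded sample", "manifest_version": 3,
                       "update_url": "https://updates.example.invalid/crx",
                       "host_permissions": ["<all_urls>"]},
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. ~/.config/google-chrome/Default/Extensions
        rows = review_profile(sys.argv[1])
    else:
        rows = [(k, m["name"], review_manifest(m)) for k, m in SAMPLES.items()]
    for ext_id, name, flags in rows:
        print(f"{ext_id}  {name}  {', '.join(flags) or 'no flags'}")
```

A flag is a prompt for manual review, not a verdict: many legitimate extensions request access to all sites, and unpacked extensions loaded in developer mode live outside the Extensions directory and are not covered.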
Source: www.forbes.com