Google has removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security. Google began requiring extensions to only request access to the “least amount of data” starting October 15, 2019, banning any extensions that don’t have a privacy policy and gather data on users’ browsing habits. The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous.
Source: https://thehackernews.com/2020/02/chrome-extension-malware.html