Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
A Chrome ad blocker extension with more than 10 million installs has been found to contain a dormant script injection capability, according to a report by The Hacker News. The extension, which is designed to block advertisements, contains code that could allow it to inject arbitrary scripts into web pages visited by users. Security researchers discovered this functionality during an analysis of the extension's codebase. The capability was described as dormant, meaning it was present but not actively being used to inject malicious content at the time of discovery. The researchers did not name the specific extension in the report.
The finding raises concerns about the potential for abuse: if the capability were activated, the extension's large user base could be targeted. The extension remains available on the Chrome Web Store, and it is unclear whether Google has taken any action regarding the issue. The discovery highlights the risks associated with browser extensions that have extensive permissions, since such extensions can be used to compromise user security and privacy.
A widely used extension with dormant malicious code poses a latent security risk to millions of users.