Security researchers from Germany’s CISPA Helmholtz Center for Information Security have developed software to help identify Chrome extensions that are vulnerable to exploitation by malicious webpages and other extensions.
Back in 2018, Google announced plans to redesign its browser extension platform to make it more secure. Under its old platform rules, known as Manifest v2, Chrome extensions had broad powers that could easily be misused.
And many miscreants have abused those powers. In February 2020, for example, Google removed more than 500 malicious extensions. That was a month after Google closed its Chrome Web Store to new extensions to fight payment fraud. There were more removals in April and May 2020, this time related to extensions designed to steal crypto-wallet credentials. There were other such incidents in June and December 2020. And this sort of thing has been going on for years.