Security Affairs
New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Duo Labs presents CRXcavator Service that analyzes Chrome Extensions

Researchers at Duo Labs has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them. Researchers at Duo Labs, a division of Duo Security, has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them. The experts […]

CRXcavator

Researchers at Duo Labs has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them.

Researchers at Duo Labs, a division of Duo Security, has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them.

The experts released a beta version of the CRXcavator allows to analyze the permissions associated with Chrome extensions, along with many other features, and their implications.

CRXcavator

Extensions have access to powerful functionality within the context of a browser that could be abused by threat actors, for this reason, it is important for end-user to discover malicious Chrome extensions and legitimate, benign extensions affected by security issues.

“The set of permissions an extension requests gives a good indicator of how concerned a reviewer might need to be, so CRXcavator is built on understanding the implications of the various permissions that are available for an extension to request.” reads the post published by Duo Labs.

“We have categorized and assigned an objective numerical risk score to each permission to help a security team have a metric to use when triaging extension analysis,”.

CRXcavator build a list of sites that the extension makes external requests to, to determine if it they could exfiltrate user data or download malicious payloads. The service analyzes third-party Javascript libraries for vulnerabilities using RetireJS and the Content Security Policy (CSP) of an extension to identify which domains an extension can communicate with.

The service lists externally included JavaScript files and allows to view their source code from within the report, it also scans for potentially dangerous functions and possible “entry points.”

“With all these perspectives included, a CRXcavator report equips a security operations analyst to make a well-informed decision about whether to allow or block an extension,” continues Duo Labs.

In January 2019, the experts made a scan of the Chrome Web Store, they processed 120,463 extensions and apps, and discovered that many of them contained various issues. Most common issued were the lack of a listed privacy policy (84.7%), the support site (77.3%), or the use of vulnerable third-party libraries (31.8%).

Most of the extensions in the Web Store that support Content Security Policies (99%) do not have default-src or connect-src in the CSP defined (these allow developers restrict the external resources the extension can access). Experts pointed out that 78.3% of them do not have a CSP defined,

CRXcavator scans the full Chrome Web Store on an ongoing basis, making it easier than ever for analysts to review and stay updated on the extensions their organization has allowed or are considering allowing.” concludes Duo Labs.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Chrome extensions, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]