Chrome users beware: Trend Micro Anti-virus has a security vulnerability in browser extension
Google Chrome is definitely the world’s most popular browser, making it also the most vulnerable when malicious hackers try to get their way around it. In order to curb their malevolent activities, there are several antivirus and security application developers that are making extensions for the browser, but one firm was caught, and thanks to its latest vulnerability, it is putting millions of users in harm’s way. So what is the name of the Google Chrome extension?
Trend Micro’s Password Manager. It is strange to believe that an extension that protects user’s sensitive credentials would be the one with a vulnerability but even the most secure platforms often have an opening that can be found out with relative ease. With the latest vulnerability, an attacker can remotely execute arbitrary code and you will clearly be able to see from the screenshot that all it took was a bit of specially-crafted JavaScript.
However, if you try to look for the Password Manager in the Chrome Web Store, you will not be able to stumble upon it. That is because it is delivered during the installation of their Windows antivirus software or as a standalone application. If you had accidentally or purposely hooked it to your Google Chrome, your browser would eventually be exposing 70 of its APIs to the World Wide Web. Thankfully, the vulnerability was not effectively or actively exploited and the original issue has been fixed completely, at least according to the reports.
Unfortunately, another report states that it is quite easy to bypass the security extension, and something as small as a PDF containing Trojan-like properties will easily be able to do the trick. Sadly, Trend was not the only company that the tech giant Google has called out. Engineers just got finished resolving a similar issue with AVG over their Web TuneUp extension and we should be commending on these employees who go out of their way to seal a vulnerability before a malicious hackers finds out about it.
