Fake Errors and Bad Extensions: The Latest Browser Threats

Researchers have uncovered new safety concerns in Google Chrome

When you’re on the web doing some reading, shopping, or any other online activity, your browser is probably the last thing you’re thinking about. Web browsers—including the “big four” of Chrome, Edge, Safari, and Firefox—operate silently in the background, and don’t usually come to mind unless you experience web pages not loading, or you’ve decided to add some new browsing features to improve functionality.

It’s important, however, to stay aware of browser-related safety concerns. Researchers have recently uncovered a couple such threats that could affect millions of web users. Both happen to target Google Chrome, which is by far the most popular web browser in the world. But even if you don’t currently use Chrome, it’s worth understanding these issues, as similar ones inevitably show up on other browser platforms.

Let’s look at the two of the latest browser-related security problems, along with tips on how to keep yourself safe when browsing the web.

Problem: Fake error messages

According to recent reports, cybersecurity researchers have discovered a fake error warning in Google Chrome. Some users are seeing what appears to be an authentic Chrome pop-up window, with a message at the top stating “Something went wrong while displaying this webpage,” or similar. Below that message, the window includes a list of instructions on how to fix the “error.” It’s actually a front for malware.

If you see a pop-up like this and click through the fraudulent instructions, you’ll be essentially giving cybercriminals access to your PC, allowing them to plant malicious software designed to steal your personal information. There’s a telltale sign that this pop-up window is a scam: One of the instructions involves the running of “Windows PowerShell,” a computer program from Microsoft. Chrome never asks users to run this program as part of any legitimate fix.

Here are a few of Google’s tips for avoiding malware like this:

• • Keep your computer’s operating system up to date, as each new version typically includes the latest security fixes. If available, turn on automatic updates.
• • If possible, avoid clicking inside any unexpected pop-up windows, even if they appear to be from a legitimate source. Simply close the window.
• • Install and use an antivirus program to run regular scans of your computer for malware.

Problem: Harmful browser extensions

Researchers from Stanford University and the CISPA Helmholtz Center for Information Security estimate that between mid 2020 and early 2023, roughly 280 million Google Chrome users installed extensions from the Google Chrome Store that were found to contain malware.

A browser extension is a software application that you can add to your web browser to improve its functionality. Some extensions are created by the browser platforms themselves; most are offered by third-party developers. All are built on what’s called a permissions model—they require permission from the user to access certain information like browsing history, physical location, or data on websites visited by the user.

Extensions are a great way to get more out of your online experience. Unfortunately, as the new research shows, they’re also a vehicle for bad actors to exploit. Among the countless legitimate extensions available in places like the Google Chrome Store are malicious ones designed to sneak malware or spyware onto your device, or steal passwords or other data.

Google claims the issue is not widespread. Its Security Blog states that in 2024, “less than 1% of all installs from the Chrome Web Store were found to include malware.” It also says Google has a dedicated team that reviews extensions before they’re offered on the Chrome Web Store, and continually monitors them.

Regardless, there are things you can do to be better protected from unsafe extensions. These include:

• • In Chrome, turn on Enhanced Safe Browsing. It’s designed to help protect you against harmful extensions and other threats.
• • Never install an extension without doing at least a little research about the application and its developer. Read reviews and visit the developer’s website to check legitimacy.
• • If possible, don’t give an extension unlimited permission to work on every website, only on select sites. And if you have extensions you’re no longer actively using, uninstall them. (In Chrome, you can manage extensions by visiting the chrome://extensions page.)

Malware is just one of the many cyberthreats present in our daily lives. For a full range of measures to help keep hackers, scammers, and other bad actors from accessing your personal information, consider comprehensive privacy and identity coverage like IDX’s Complete Plan.