Popular YouTube Ad Blocker with 10M+ Installs Harbors Hidden Code Injection Risk
Security researchers discovered that Adblock for YouTube, a Chrome extension with over 10 million installations and a Chrome Web Store Featured badge, contains dormant arbitrary JavaScript execution capabilities. The vulnerability exposes users to potential malicious code injection despite the extension's benign stated purpose.
TL;DR
- Adblock for YouTube (10M+ installs) contains hidden script injection functionality discovered by Island researchers
- The extension holds a Chrome Web Store Featured badge, increasing user trust and adoption risk
- Dormant code suggests potential for future activation or exploitation by threat actors
- Browser extensions remain a high-risk attack surface due to broad system permissions and user trust assumptions
A comprehensive security analysis has exposed a critical vulnerability in Adblock for YouTube, one of the Chrome Web Store's most widely adopted extensions. Researchers at Island identified dormant script injection capabilities embedded within the extension, despite its innocuous purpose of blocking advertisements on YouTube.
With over 10 million active installations and a prominent Featured badge on the Chrome Web Store, this extension represents a significant attack surface. The discovery raises serious questions about the adequacy of Chrome Web Store security review processes and the inherent risks posed by browser extensions that request broad system permissions.
Vulnerability Details and Discovery
- Extension ID cmedhionkhpnakcndndgjdbohmhepckk contains arbitrary JavaScript execution code currently in dormant state
- Island security researchers identified the capability through code analysis, not active exploitation
- The injection mechanism could allow remote code execution with extension-level privileges
- Dormant status suggests either incomplete implementation or intentional delay for future activation
Risk and Trust Implications
- Featured badge status on Chrome Web Store amplifies user trust and installation rates
- Browser extensions operate with elevated permissions, making them high-value attack targets
- 10M+ user base creates substantial potential impact if vulnerability is exploited or activated
- Users typically grant extensions broad permissions without understanding security implications
- Supply chain compromise of trusted extensions represents a persistent threat vector for attackers
Recommendations for Users and Organizations
- Audit installed browser extensions and remove those with unnecessary permissions or questionable provenance
- Implement browser extension policies in enterprise environments to restrict installation to approved extensions
- Monitor extension behavior and permissions changes through security tools and browser telemetry
- Consider native browser ad-blocking features or sandboxed alternatives as safer options
- Report suspicious extensions to Chrome Web Store and security vendors for investigation
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.