Verisign’s research division recently came up with a shocking discovery that nearly half of all DNS queries to root servers are actually done by Google Chrome and other Chromium-based browsers.

The discovery was linked to a standard function that all Chrome and Chromium-related browsers have. Namely, the browsers randomly come up with 3 domain names in order to determine whether a given network will hijack DNS queries or not. The idea is that if two of these three domains return the same IP, then that’s proof of the network capturing domain requests that don’t exist.

This test takes place fairly often: on startup and every time there is a change in the device’s IP and/or DNS settings.

And as a result of the way DNS servers work, these requests go all the way up to the DNS root servers. Furthermore, the requests were found to make up close to half of all queries to the root servers.

Data collected over the course of the past 10 years confirmed the same. According to Verisign’s representatives, there is a direct correlation between the increase in Chrome’s market share and the rise in number of queries that matched Chrome’s pattern.

So at this point, this would make up for an estimated 60 billion queries per day. In other words, half of the DNS traffic of the root servers is in fact used to facilitate a single browser function. And under any other circumstances, this traffic would be an unmistakable DoS (denial of service) attack.

As part of a different study conducted by Johannes Ulrich of Sans Institute, it was discovered that it takes exactly 2,302 authoritative name servers to disable 80% of the world’s internet. That’s a minuscule 0.084% of the total 2.7 million name servers there are.

Furthermore, about 0.35% name servers were determined to be responsible for about 90% of all domain names.  

As per Ulrich, this concentration of name services with just so few providers greatly increases the risk to the infrastructure. A single provider outage could render entire parts of the internet inaccessible.

Australian telecommunications company Telstra provided an excellent example of this just a few weeks back. A perceived denial of service attack actually proved to be the result of a DNS failure. And a little earlier than that, Cloudflare faced very similar issues – on an even larger scale at that.

So as a possible solution, Ulrich suggested that users ought to rely on more than just one DNS provider. In addition, he said running secondary name servers in-house would also help lower the impact of a potential provider outage.

Google Chrome users were hit by an extensive campaign of malware attacks just now. Over a whopping 2 billion users were affected and experts have already dubbed this the worst campaign of its kind yet.

Chrome has about two thirds of the global web browser market share, making it a delicious target for hackers and cybercriminals. And here we are now with a vast 32 million downloads of a dangerous extension that installs spyware on users’ computers.

This is a highly threatening instance and spyware attacks are by no means to be underestimated. This is a type of malicious code designed to steal sensitive information from users, such as passwords, login details and personal data. And just based on the number of downloads alone, the scale of this attack is unlike anything the cybersecurity community has ever witnessed before.

Awake Security were the first to sound the alarm when the attack was discovered, Reuters reports. As per their researchers, the malicious extensions were made available for download in the Chrome store.

Since news of the attack broke, however, Google has taken measures to take down the spyware extensions from the store. And at the time of writing, they have already successfully managed to remove 70 of them.

What the attack looked like

Once successfully having made its way into the victim’s browser, the spyware extension would silently monitor everything that transpired within the browser. Hence, all web usage and browsing activities would be carefully watched by the malware and the information would be transmitted after connecting to a whole range of different websites.

As it turned out, the cybercriminals behind this attack were shielded by an obscene amount of different malicious domains. And in excess of a whopping 15,000 of these domains were purchased from Galcomm, which is an Israeli domain register.

The company has already announced that it had no prior knowledge of the attack and was in no way associated with it.

This certainly wouldn’t be the first time that Google Chrome was hit by an attack of this type in 2020. In fact, in February there were 500 malicious extensions discovered by Duo Security researchers. And these were downloaded millions of times by unsuspecting users. As a result of the attack, Chrome users were redirected to pages infected with all sorts of malware and viruses. And in addition to that, their private information was stolen and uploaded to remote servers belonging to the hackers.

With that in mind, our team here at HowToRemove and other security experts alike highly recommend only downloading browser extensions and add-ons when those are really necessary. We would also advise to avoid installing extensions that require additional permissions from you.

Furthermore, it may be a good idea to reassess the extensions that you currently have in your browser. And if you have extensions that you no longer use, it could be best to remove them.