Web browsers are ecosystems unto themselves. It stores your passwords, search history, credit card numbers, address, and other financial details. Just as malicious apps and services can compromise data on your phone or PC, malicious extensions can expose data stored in your browser.
There are a lot of extensions out there that do more harm than good. In fact, security researchers have just discovered a dangerous new campaign targeting browser extensions. Approximately 36 extensions have been compromised to date, putting over 2.6 million Chrome users at risk of having their browsing data and account credentials compromised.
We’re giving away the latest and greatest Airpods Pro 2
Sign up to enter our giveaway free newsletter.
People using Chrome browser extensions (Kurt “Cyber Guy” Knutson)
How hackers target browser extensions
Hackers exploit browser extensions as gateways to steal sensitive user data in a variety of ways. According to a report, these compromised extensions exposed more than 2.6 million users to data breaches and credential theft. hacker news.
One common attack is a phishing campaign targeting legitimate extension publishers on platforms such as the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious applications and inject harmful code into popular extensions. This code can steal cookies and access tokens and other user data.
The campaign was first disclosed by cybersecurity company Cyberhaven, which said one of its employees was targeted in a phishing attack on December 24th, when the attackers published a malicious version of the extension. made it possible to do so.
Once these malicious extensions are published and pass Chrome Web Store security review, they become available to millions of users, putting them at risk for data theft. Attackers can use these extensions to steal browsing data, monitor user activity, and even bypass security measures such as two-factor authentication.
In some cases, developers themselves may have unknowingly included data collection code as part of their monetization software development kits, secretly leaking detailed browsing data. This makes it difficult to determine whether a breach is the result of a hacking campaign or a deliberate inclusion by a developer.
Image of Chrome browser on mobile phone (Kurt “Cyber Guy” Knutson)
Massive security flaw puts the most popular browser on MAC at risk
Please remove these extensions from your web browser
Browser extension security platform secure annex has launched its own investigation into this hacking activity. So far, more than 20 additional compromised extensions have been discovered and are listed below. If you have any compromised extensions listed in the Secure Annex study installed on your browser, it is important to remove them immediately to protect your data.
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- Overview of GPT 4 with OpenAI
- Find Copilot AI Assistant for Chrome
- TinaMInd AI Assistant
- Weiin AI
- VPN City
- Internet VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- bookmark favicon changer
- castrus
- uvoice
- reader mode
- parrot story
- Primus
- Tacker – Online Keylogger Tool
- AI shop buddy
- Sort by oldest
- Reward Search Autometer
- ChatGPT Assistant – Smart Search
- keyboard history recorder
- mail hunter
- Google Meet visual effects
- Earn – up to 20% cashback
- Cyberhaven Security Extensions V3
- GraphQL Network Inspector
- Vidnoz Flex – Video recorder and video sharing
- yes capture assistant
- Proxy SwitchyOmega (V3)
- ChatGPT app
- web mirror
- Hello, A.I.
Leaving these extensions installed is a significant risk because even if the malicious version is removed from the Chrome Web Store, hackers can still access your data. Secure Annex is still under investigation. Public Google Sheets See details about malicious extensions discovered so far, including whether they have been updated or removed. We also add new extensions to the list as we discover them.
World’s largest stolen password database uploaded to criminal forum
How to remove extensions from Google Chrome
If you have any of the above extensions installed on your browser, please remove them as soon as possible. To remove extensions from Google Chrome, follow these steps:
- Open Chrome and, Icon that looks like a puzzle piece. It’s in the top right corner of your browser.
- All active extensions will now be displayed. Click. three dots icon Select next to the extension you want to remove Remove from Chrome.
- click remove confirm
Steps to remove extensions from Google Chrome (Kurt “Cyber Guy” Knutson)
Best antivirus software for MAC, PC, iPhone, and Android – Cyberguy’s pick
7 ways to protect yourself from malicious software
1) Please check your email and link before clicking. Many attacks start with Phishing email Impersonate a trusted entity, such as Google Chrome Web Store Developer Support. Such emails often create a false sense of urgency and encourage you to click on malicious links. Always check the sender’s email address and never click on a link without double-checking its authenticity. If in doubt, do not use the link provided and go directly to the official website.
2) Use strong antivirus software. Using strong antivirus software is an important line of defense against malicious software. These tools can detect and block malicious code, even when embedded in browser extensions. The best way to protect yourself from malicious links that can install powerful malware and access your personal information is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2025 for Windows, Mac, Android, and iOS devices.
3) Restrict extension permissions. Be careful about the permissions you grant to browser extensions. Access to sensitive data such as browsing history, cookies, and account information is often required, but not all requests are necessary. Check what each extension requests and deny any permissions that seem excessive. If possible, choose extensions with limited access to ensure your data is protected.
4) Limit the number of extensions. Install only the extensions you really need, and check regularly to uninstall extensions you no longer use.
5) Keep your browser updated. Please always update your browser to the latest version. Updates often contain important security patches that protect against vulnerabilities exploited by malicious software. Using an outdated browser increases your risk of becoming a target for attacks that could be prevented with a simple update. Enable automatic updates to ensure you’re always protected. If you don’t know how to update your browser, check out my article. Detailed guide to Google Chrome.
6) Audit your extensions regularly. Regularly review installed extensions and remove extensions that are unnecessary or pose a potential security risk.
7) Report suspicious extensions. If you find any suspicious extensions, please report them to the official browser extension marketplace.
Cart important points
Hackers are getting smarter and browser extensions are a new target for stealing sensitive data. The discovery of over 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protect your data. This also brought scrutiny to Google’s Chrome Web Store review process, proving that even trusted platforms can be exploited.
Email us at How often do you check for and remove unused or suspicious browser extensions? Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask Kurt a question or let us know your story you’d like us to cover.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
