8 January 2025

Your web browser is its own ecosystem. It stores your passwords, search history, and financial details such as credit card numbers, addresses, and more. Just as malicious apps and services can compromise data on your phone or computer, malicious extensions can expose data stored in your browser.

There are a lot of add-ons that do more harm than good. In fact, security researchers have just discovered a dangerous new campaign going after browser extensions. So far, about 36 extensions have been compromised, putting more than 2.6 million Chrome users at risk of exposing their browsing data and account credentials.

Hacked Chrome extensions put 2.6 million users at risk of data leak

Someone using a Chrome browser extension (Kurt “CyberGuy” Knutson)

How hackers target browser extensions

Hackers exploit browser extensions as a gateway to steal sensitive user data through a variety of methods. These compromised extensions put more than 2.6 million users at risk of data exposure and credential theft, reports Hacker News.

One common attack involves phishing campaigns targeting legitimate extension publishers on platforms like the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious apps, which then inject malicious code into popular extensions. This code can steal cookies, access codes, and other user data.

The first company to highlight the campaign was cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24, allowing threat actors to deploy a malicious version of the extension.

Once these malicious extensions are deployed and pass the Chrome Web Store security review, they become available to millions of users, putting them at risk of data theft. Attackers can use these extensions to exfiltrate browsing data, monitor user activity, and even bypass security measures such as two-factor authentication.

In some cases, developers themselves may unwittingly include data collection code as part of their monetization software development kit, which surreptitiously leaks detailed browsing data. This makes it difficult to determine whether the compromise was the result of a hacking campaign or a deliberate inclusion by the developer.

An image of the Chrome browser on a mobile phone (Kurt “CyberGuy” Knutson)

Remove these extensions from your web browser

Browser extension security platform Secure Annex launched its own investigation into this hacking campaign. So far, it has detected more than twenty additional compromised extensions, which are listed below. If you have any of the compromised extensions listed in the Secure Annex investigation installed on your browser, it is imperative that you remove them immediately to protect your data.

  1. AI Assistant – ChatGPT and Gemini for Chrome
  2. Bard AI chat extension
  3. GPT 4 summary with OpenAI
  4. Find Copilot AI Assistant for Chrome
  5. TinaMINd AI Assistant
  6. Artificial intelligence method
  7. VPNCity
  8. Internext VPN
  9. Windows Flex video recorder
  10. VidHelper video downloader
  11. Bookmark favicon changer
  12. Castoros
  13. voice
  14. Reader mode
  15. Parrot talks
  16. Primus
  17. Tackker – online keylogger
  18. Ai Friends Shop
  19. Sort by oldest
  20. Automated search rewards
  21. ChatGPT Assistant – Smart Search
  22. Keyboard history recorder
  23. Email Hunter
  24. Google Meet visual effects
  25. Earny – up to 20% cashback
  26. Cyberhaven V3 Security Extension
  27. GraphQL network inspector
  28. Vidnoz Flex – Video Recorder and Video Sharing
  29. Yes, Captcha Assistant
  30. SwitchyOmega Proxy (V3)
  31. ChatGPT application
  32. Web mirror
  33. Hi Ai

Keeping these extensions installed is a high risk, as hackers can still access your data even if the malicious version is removed from the Chrome Web Store. Secure Annex is still investigating and has shared a public Google Sheet with details about the malicious extensions found so far, such as whether they have been updated or removed. It is also adding new extensions to the list as it discovers them.

How to remove an extension from Google Chrome

If you have installed one of the above extensions on your browser, remove it as soon as possible. To remove an extension from Google Chrome, follow these steps:

  • Open Chrome and click the icon that looks like a puzzle piece. You will find it in the upper right corner of the browser.
  • You can now see all active extensions. Click the three dots icon next to the extension you want to remove and select Remove from Chrome.
  • Click Remove to confirm.

Steps to remove the extension from Google Chrome (Kurt “CyberGuy” Knutson)

7 ways to stay safe from malware

1) Check emails and links before clicking: Many attacks begin with phishing emails that impersonate trusted entities such as Google Chrome Web Store Developer Support. These emails often create a false sense of urgency, urging you to click on malicious links. Always check the sender's email address and avoid clicking on links without double-checking their authenticity. When in doubt, go directly to the official website instead of using the link provided.

2) Use powerful antivirus software: Having a strong antivirus program is an essential line of defense against malware. These tools can detect and block malicious code, even if it is built into browser extensions. The best way to protect yourself from malicious links that install powerful malware, and potentially access your private information, is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS.

3) Limit extension permissions: Be careful about the permissions you grant to browser extensions. Many of them require access to sensitive data such as browsing history, cookies, or account information, but not all requests are necessary. Review what each extension requests and deny permissions that seem excessive. If possible, choose extensions with limited access to ensure your data stays protected.

4) Limit the number of extensions: Only install extensions that you actually need, and regularly review and uninstall those you no longer use.

5) Keep your browser updated: Always update your browser to the latest version. Updates often include important security patches that protect against vulnerabilities exploited by malware. Using an outdated browser increases your risk of attacks that could have been prevented with a simple update. Enable automatic updates to make sure you're always protected. If you're not sure how to update your browser, see my detailed guide for Google Chrome.

6) Review your extensions regularly: Perform periodic reviews of installed extensions and remove any that are unnecessary or pose potential security risks.

7) Report suspicious add-ons: If you encounter a suspicious extension, report it to the official browser extension marketplace.
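
For tips 3 and 6, the review can be scripted. The sketch below is an added example, not code from the article or from Secure Annex: it reads each extension's manifest.json and flags permissions that reach cookies, history or every site. The two sample extensions, their IDs and the choice of which permissions count as sensitive are assumptions made for the illustration.

```python
import json
import tempfile
from pathlib import Path

# Permissions that reach the data this article mentions (cookies, history, page content).
SENSITIVE = {"cookies", "history", "tabs", "webRequest", "scripting"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Map extension ID -> name, version and risky permissions for one profile.

    Expects Chrome's on-disk layout: <ext_root>/<id>/<version>/manifest.json.
    """
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id, version = path.parts[-3], path.parts[-2]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = {"name": "?", "version": version, "flags": ["unreadable manifest"]}
            continue
        requested = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
        for script in manifest.get("content_scripts", []):
            requested.update(script.get("matches", []))
        flags = sorted(requested & (SENSITIVE | BROAD_HOSTS))
        # Names may be localized placeholders such as __MSG_appName__; the ID is the stable key.
        report[ext_id] = {"name": manifest.get("name", "?"), "version": version, "flags": flags}
    return report

def demo():
    """Audit two constructed (made-up) extensions written to a temporary directory."""
    samples = {
        "a" * 32: {"name": "Sample Notes", "version": "1.0.0", "manifest_version": 3,
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Sample Helper", "version": "2.1.0", "manifest_version": 3,
                   "permissions": ["cookies", "storage", "webRequest"],
                   "host_permissions": ["<all_urls>"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            version_dir = Path(root) / ext_id / manifest["version"]
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions(root)

if __name__ == "__main__":
    for ext_id, info in demo().items():
        print(ext_id, info["name"], info["version"], info["flags"] or "no sensitive permissions")
```

To check a real profile, pass its Extensions folder to audit_extensions, for example ~/.config/google-chrome/Default/Extensions on Linux. A flagged permission is a reason to look closer, not proof that an extension is malicious.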

Kurt's key takeaway

Hackers are becoming smarter, and browser extensions have become a new favorite target for stealing sensitive data. The discovery of more than 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protecting your data. This also puts the Google Chrome Web Store review process under the microscope, proving that trusted platforms can be exploited.

How often do you review and remove unused or suspicious browser extensions? Let us know by writing to us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.
