Hacked Chrome extensions put 2.6 million users at risk of data breaches


Your web browser is its own ecosystem. It stores your passwords, search history, financial data such as credit card numbers, addresses and more. Just as malicious apps and services can compromise data on your phone or PC, malicious extensions can expose the data stored in your browser.

There are a lot of extensions that do more harm than good. Security researchers have just discovered a dangerous new campaign going after browser extensions. About 36 extensions have been compromised so far, putting more than 2.6 million Chrome users at risk of having their browsing and account information exposed.



A person using a Chrome browser extension (Kurt “CyberGuy” Knutsson)

How hackers target browser extensions

Hackers abuse browser extensions as a gateway to steal sensitive user data through various methods. These compromised extensions put more than 2.6 million users at risk of data exposure and credential theft, as reported by The Hacker News.

A common attack involves phishing campaigns that target the publishers of legitimate extensions on platforms such as the Chrome Web Store. In these campaigns, attackers trick developers into granting permission to malicious applications, which then insert malicious code into popular extensions. This code can steal cookies, access tokens and other user data.

The first company to shed light on the campaign was cybersecurity firm Cyberhaven, one of whose employees was targeted in a phishing attack on December 24, allowing the threat actors to publish a malicious version of the extension.

Once these malicious extensions are published and pass the Chrome Web Store security assessment, they are made available to millions of users, putting them at risk of data theft. Attackers can use these extensions to exfiltrate browsing data, monitor user activity, and even bypass security measures such as two-factor authentication.

In some cases, developers themselves may unknowingly include data collection code as part of a monetization software development kit, which surreptitiously exfiltrates detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or an intentional inclusion by the developer.


Image of a Chrome browser on a mobile phone (Kurt “CyberGuy” Knutsson)


Remove these extensions from your web browser

The browser extension security platform Secure Annex has started its own investigation into this hacking campaign. So far, it has discovered more than twenty additional compromised extensions, which are listed below. If you have one of the compromised extensions from Secure Annex’s investigation installed on your browser, it is essential to remove it immediately to protect your data.

  1. AI Assistant – ChatGPT and Gemini for Chrome
  2. Bard AI chat extension
  3. GPT 4 Summary with OpenAI
  4. Search for Copilot AI Assistant for Chrome
  5. TinaMINd AI assistant
  6. Away from AI
  7. VPNCity
  8. Internal VPN
  9. Vindoz Flex VCR
  10. VidHelper video downloader
  11. Bookmark Favicon Changer
  12. Castorus
  13. Vote
  14. Reader mode
  15. Parrot talks
  16. Primus
  17. Takker – online keylogger tool
  18. AI Shopping Friend
  19. Sort by oldest
  20. Rewards Search Automator
  21. ChatGPT Assistant – Smart Search
  22. Keyboard history recorder
  23. Email Hunter
  24. Visual effects for Google Meet
  25. Earn – Up to 20% cash back
  26. Cyberhaven Security Extension V3
  27. GraphQL Network Inspector
  28. Vidnoz Flex – Video Recorder and Video Sharing
  29. YesCaptcha assistant
  30. Proxy switchOmega (V3)
  31. ChatGPT app
  32. Web mirror
  33. Hello AI

Keeping these extensions installed is a serious risk, as hackers can still access your data even if the malicious version is removed from the Chrome Web Store. Secure Annex is still investigating and has shared a public Google Sheet with details about the malicious extensions it has found so far, such as whether they have been updated or removed. It also adds new extensions to the list as it discovers them.


How to remove an extension from Google Chrome

If you have any of the above-mentioned extensions installed in your browser, remove them as soon as possible. Follow these steps to remove an extension from Google Chrome:

  • Open Chrome and click on the icon that resembles a piece of a puzzle. You’ll find it in the top right corner of the browser.
  • You can now see all active extensions. Click on the three dots icon next to the extension you want to remove and select Remove from Chrome.
  • Click Remove to confirm.

Steps to remove an extension from Google Chrome (Kurt “CyberGuy” Knutsson)


7 ways to stay safe from malicious software

1) Check emails and links before clicking: Many attacks start with phishing emails posing as trusted entities such as Google Chrome Web Store Developer Support. These emails often create a false sense of urgency and encourage you to click on malicious links. Always check the sender’s email address and don’t click on links without double-checking their authenticity. If you are in doubt, go directly to the official website instead of using the link provided.

2) Use powerful antivirus software: Having strong antivirus software is an essential line of defense against malicious software. These tools can detect and block malicious code even if it is embedded in browser extensions. The best way to protect yourself from malicious links that install malware and potentially gain access to your private data is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware attacks, keeping your personal data and digital assets safe. Discover my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices.

3) Limit extension permissions: Be careful about the permissions you grant to browser extensions. Many require access to sensitive data such as browsing history, cookies, or account information, but not all requests are necessary. Check what each extension asks for and deny permissions that seem excessive. If possible, choose extensions with limited access to ensure your data remains protected.

4) Limit the number of extensions: Only install extensions that are really necessary and regularly check and remove extensions that are no longer in use.

5) Keep your browser up to date: Always update your browser to the latest version. Updates often include critical security patches that protect against vulnerabilities exploited by malicious software. Using an outdated browser increases the risk of being the target of attacks that could have been prevented with a simple update. Enable automatic updates to ensure you’re always protected. If you’re not sure how to update your browser, check out my detailed guide for Google Chrome.

6) Check your extensions regularly: Perform periodic reviews of installed extensions and remove any extensions that are unnecessary or pose potential security risks.

7) Report suspicious extensions: If you come across a suspicious extension, report it to the official browser extension marketplace.
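For tips 3 and 6, the review of installed extensions and their permissions can be scripted. The following is an added example, not part of the original article: it reads each installed extension's manifest.json from a Chrome profile's Extensions folder, resolves localized names, and flags sensitive permissions, all-site access, and names on a watch list you supply. The function names and the choice of "sensitive" permissions are assumptions made for this illustration.

```python
import json
from pathlib import Path

# Permissions that expose cookies, history or page traffic (this selection is an assumption).
SENSITIVE = {"cookies", "history", "tabs", "webRequest", "scripting", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def display_name(manifest, version_dir):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are matched case-insensitively
    locale = manifest.get("default_locale", "en")
    msg_file = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name
    for k, v in messages.items():
        if k.lower() == key:
            return v.get("message", name)
    return name


def audit_extensions(ext_root, watchlist=()):
    """Return one finding per <id>/<version>/manifest.json found under ext_root."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        perms = [p for key in ("permissions", "optional_permissions", "host_permissions")
                 for p in manifest.get(key, []) if isinstance(p, str)]
        for script in manifest.get("content_scripts", []):
            perms += script.get("matches", [])  # content scripts also grant site access
        name = display_name(manifest, path.parent)
        findings.append({
            "id": path.parent.parent.name,
            "name": name,
            "version": manifest.get("version", ""),
            "sensitive": sorted(SENSITIVE.intersection(perms)),
            "all_sites": any(p in BROAD_HOSTS for p in perms),
            "on_watchlist": name.lower() in watch,
        })
    return findings
```

On Linux the default profile's folder is `~/.config/google-chrome/Default/Extensions`; pass that path as `ext_root` and the extension names you want to check as `watchlist`. A name match is only a prompt to look closer, since unrelated extensions can share a name.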


Kurt’s most important takeaway

Hackers are getting smarter and browser extensions have become a new favorite target for stealing sensitive data. The discovery of more than 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protect your data. This also puts Google’s Chrome Web Store review process under scrutiny, proving that even trusted platforms can be exploited.

How often do you check and remove unused or suspicious browser extensions? Let us know by writing to us at Cyberguy.com/Contact.


Copyright 2024 CyberGuy.com. All rights reserved.