Hacked Chrome extensions put 2.6 million users at risk of data leaks
Your web browser is its own ecosystem. It stores your passwords, search history, financial information like credit card numbers, addresses and more. Just as malicious apps and services can compromise data on your phone or computer, malicious extensions can expose data stored in your browser.
There are a bunch of extensions that do more harm than good. In fact, security researchers have just found a dangerous new campaign that goes after browser extensions. About 36 extensions have been compromised so far, putting more than 2.6 million Chrome users at risk of having their browsing data and account credentials exposed.
How hackers target browser extensions
Hackers exploit browser extensions as a gateway to steal sensitive user data using a variety of methods. These compromised extensions put more than 2.6 million users at risk of data exposure and credential theft, according to a report by The Hacker News.
One common attack involves phishing campaigns targeting publishers of legitimate extensions on platforms such as the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious apps that then inject malicious code into popular extensions. This code can steal cookies, access tokens, and other user data.
The first company to shed light on the campaign was cybersecurity firm Cyberhaven, one of whose employees was the target of a phishing attack on December 24, allowing threat actors to release a malicious version of the extension.
Once these malicious extensions are published and pass the Chrome Web Store’s security review, they are available to millions of users, exposing them to the risk of data theft. Attackers can use these extensions to exfiltrate browsing data, track user activity, and even bypass security measures such as two-factor authentication.
In some cases, the developers themselves may unwittingly include data collection code as part of the monetization SDK, which secretly extracts detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or intentional developer involvement.
Remove these extensions from your web browser
Secure Annex, a browser extension security platform, has launched its own investigation into this hacking campaign. So far, it has discovered more than twenty additional compromised extensions, which are listed below. If you have any of the compromised extensions listed in Secure Annex’s investigation installed on your browser, it’s important to remove them immediately to protect your data.
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI chat extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMInd AI assistant
- Way’s AI
- VPNCity
- Internxt VPN
- Windows Flex video recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reading method
- Parrot Talks
- Primus
- Tackker – online keylogger tool
- AI Shop Buddy
- Sort by oldest
- Reward Search Automator
- ChatGPT assistant – smart search
- Keyboard history recorder
- Email Hunter
- Visual effects for Google Meet
- Earny – up to 20% cashback
- Cyberhaven Security Extension V3
- GraphQL network inspector
- Vidnoz Flex – Video recorder and video sharing
- YesCaptcha assistant
- Proxy SwitchyOmega (V3)
- ChatGPT application
- Web Mirror
- Hi AI
Keeping these extensions installed is a serious risk because hackers can still access your data even if the malicious version is removed from the Chrome Web Store. Secure Annex is still investigating and has shared a public Google Sheet with details of the malicious extensions it has found so far, such as whether they have been updated or removed. They also add new extensions to the list as they discover them.
How to remove an extension from Google Chrome
If you have installed one of the above extensions on your browser, remove it as soon as possible. To remove the extension from Google Chrome, follow these steps:
- Open Chrome and click the icon that looks like a puzzle piece. You will find it in the upper right corner of the browser.
- Now you can see all active extensions. Click the three dots icon next to the extension you want to remove and select Remove from Chrome.
- Click Remove to confirm.
7 ways to protect yourself from malware
1) Check email and links before clicking: Many attacks begin with phishing emails that impersonate trusted entities such as Google Chrome Web Store Developer Support. These emails often create a false sense of urgency, inviting you to click on malicious links. Always check the sender’s email address and avoid clicking on links without double-checking their authenticity. If in doubt, go directly to the official website instead of using the link provided.
2) Use powerful antivirus software: Having strong antivirus software is a key line of defense against malware. These tools can detect and block malicious code, even if it is embedded in browser extensions. The best way to protect yourself from malicious links that install powerful malware, potentially accessing your personal information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices.
3) Limit extension permissions: Be careful with the permissions you give to browser extensions. Many require access to sensitive data such as browsing history, cookies or account information, but not all requests are necessary. Review what each extension asks for and deny permissions that seem excessive. If possible, opt for extensions with limited access to make sure your data stays protected.
4) Limit the number of extensions: Only install extensions that are truly needed and regularly review and uninstall those that are no longer used.
5) Keep your browser updated: Always update your browser to the latest version. Updates often include critical security patches that protect against vulnerabilities exploited by malware. Using an outdated browser increases the risk of attacks that could have been prevented with a simple update. Enable automatic updates so you’re always protected. If you’re not sure how to update your browser, check out my detailed guide for Google Chrome.
6) Check your extensions regularly: Conduct periodic reviews of installed extensions and remove any that are unnecessary or pose a potential security risk.
7) Report suspicious extensions: If you come across a suspicious extension, report it to the official browser extension market.
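Tips 3 and 6 can be partly automated. The script below is an added example, not part of the original article: it reads each installed extension's manifest.json from a Chrome profile's Extensions folder (laid out as extension ID, then version), reports sensitive permissions and broad host access, and flags names that appear on a watchlist. The three watchlist entries are copied from the list above; the set of permissions treated as sensitive is this example's own choice.

```python
import json
import sys
from pathlib import Path

# Permissions that expose cookies, browsing activity or page content (example's choice).
SENSITIVE = {"cookies", "history", "tabs", "webRequest", "scripting"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# A few names copied from the list in this article; extend as needed.
WATCHLIST = {"vpncity", "internxt vpn", "bookmark favicon changer"}


def display_name(version_dir, manifest):
    """Resolve localized names of the form __MSG_key__ via _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        messages = version_dir / "_locales" / locale / "messages.json"
        try:
            data = json.loads(messages.read_text(encoding="utf-8"))
            for k, v in data.items():
                if k.lower() == key:  # message keys are case-insensitive
                    return v.get("message", name)
        except (OSError, ValueError):
            pass  # fall back to the raw placeholder
    return name


def audit(extensions_dir, watchlist=WATCHLIST):
    """Return one finding per installed extension version."""
    findings = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than crash
        requested = set()
        for field in ("permissions", "host_permissions"):
            requested.update(p for p in manifest.get(field, []) if isinstance(p, str))
        name = display_name(manifest_path.parent, manifest)
        findings.append({
            "id": manifest_path.parts[-3],
            "name": name,
            "listed": name.strip().lower() in watchlist,
            "sensitive": sorted(requested & SENSITIVE),
            "broad_hosts": sorted(requested & BROAD_HOSTS),
        })
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in audit(sys.argv[1]):
        print(finding)
```

Pass the path of the profile's Extensions folder as the only argument. A name match is only a prompt to check the extension against Secure Annex's published list, since unrelated extensions can share a name.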
Kurt’s key takeaway
Hackers are getting smarter and browser extensions have become the new favorite target for stealing sensitive data. The discovery of more than 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protect your data. This also puts Google’s Chrome Web Store review process under scrutiny, proving that even trusted platforms can be exploited.
How often do you review and remove unused or suspicious browser extensions? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.