Google Chrome’s privacy tricks
Kurt Cyberguy explains how to increase your safety and privacy via Google Chrome on your devices when browsing the Internet.
Chrome’s extensions are incredibly useful, whether you want to block ads, monitor the best bids or Improve your examination experience. They can be downloaded from the Chrome web store, which functions like a Play Store, but for extensions. However, the extensions are easier to mimic and turn into malicious software compared to applications.
As we have just reported, over 3.2 million users were sacrificed by violating safety related to 16 malicious expanses of browserspointing out that attackers exploit the tools that seem legitimate to spread malicious software or theft of sensitive data.
Now the safety researchers have discovered a polymorphic attack that allows malicious chrome extensions to convert to other browser extensions, including password managers, crypto banknotes and banking applications, to steal sensitive information.
Continue to read to find out how this attack works and how to protect yourself from it.
Chrome browser on your smartphone (Kurt “Cyberguy” Knutsson)
As the malicious polymorphic attack acts
Safety researchers at Squarex laboratories They found a new attack that allows malicious chrome extensions disguised as legitimate ones, such as password manager, wallet and banking applications, to steal sensitive data. This “polymorphic” attack exploits the Chrome extension system to cheat on users while remaining under the radar.
The attack begins with hackers that transmit what looks like a harmless extension to the Chrome web store. It could also have real features, such as an AI -drive marketing tool to convince users to install it and attach it to their browser.
Once installed, malicious extension scans the victim’s browser for other extensions. It can do this in two ways. If he has a permission to use API “Chrome.Management”, he directly grabbed the list of installed extensions. If not, injecting the code into the websites to check unique files or resources related to certain extensions.
If it finds a targeted extension, such as 1password, malicious expansion is reported to the attacker under control. The attacker then says that the false presentation expanded, disabling it if they allow permits, changing the name and icon and showing a false jump window that looks just like the right thing.
Extension page (Squarex)
Hidden Costs of Free Apps: Your Personal Data
Social engineering worse’s things
In order to steal the beneficiaries of the user, the malicious expansion triggers the false “session expired” when the victim tries to report to the site. This deceives them in thinking that they should re -introduce their credentials for their password or banking application manager. When they do, the stolen data is sent straight to the attackers.
After collecting credentials, the extension returns to the original. Returns the legitimate expansion, doing everything normal so that the victim does not doubt anything. This shows how dangerous malicious chrome extensions can be and why stronger safety measures are needed to protect users.
We reached with Google, and the spokesman said to Cyberguy: “We appreciate the work of the research community and we have received a report. We are constantly investing in ways to improve the safety of the Chrome web -trade and take appropriate measures when we learn about emerging threats.”
What is artificial intelligence (AI)?
Google Chrome extension on a laptop (Kurt “Cyberguy” Knutsson)
Outssmart hackers who stole your identity
5 ways you can protect your personal information
Here are five ways to protect sensitive data and maintain your internet privacy.
1. Follow the browser and extensions updated: Flaged software is a gold mine for cyber -criminal. Errors or security defects in the old versions of your browser or extension can be used to inject a malicious code, stealing data, or take control of your system. They update these vulnerability, making them a critical line of defense. Include automatic updates for your browser (eg Chrome, Firefox, Edge), so you always run the latest version without thinking about it. Look at my guide on Update your devices and apps For more information.
2. Install extensions only from reliable sources: Official browser stores like Chrome Web Store or Firefox supplements have rules and scanning to catch bad actors, but they are not perfect. Extensions from random websites or taking over third parties are far more likely to hide the malicious software or spy software. Keep your official shop for your browser; Do not download the extensions from sketched relationships.
Get a job with Fox on a clicking movement here
3. Have a strong antivirus software: The best way to protect yourself from malicious connections installed by malicious software, which potentially access your private information is to install antiviral software on all your devices. This protection can also alert you of phishing e -Mail and fraud from Ransomware, keeping your personal information and digital assets. Get my elections for the best winners to protect against antivirus 2025 for your Windows, Mac, Android and iOS devices.
4. Update your passwords: Change passwords for all accounts that could be affected by expansion and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts. Get more details about my Best reviewed password managers from 2025. Here.
5. Investment in personal data removal services: If your personal data is stolen by expansion, it is crucial to act quickly to reduce the risk of identity and fraud theft. Although no service promises to remove all your information from the Internet, the removal service is great if you want to constantly monitor and automate the process of removing your data from hundreds of sites continuously over a long period of time. View my top selection here for data removal services.
A massive security flaw puts the most popular browsers on Mac
Kurt’s key step
The malicious extension emphasizes that Google does not do enough to keep the malicious software on the platform. Security researchers pointed out that the Chrome Web Store has no protection against these types of attacks, such as blocking sudden changes in the icon or HTML expansion or at least warning of users when such changes occur. The problem is not limited to the Chrome web store. Play Store also hosts malicious applications from time to time, which affects millions of users. Google must enhance its security efforts and put the privacy of the user in front and the center.
Click here to get the Fox News app
Do you believe Google to hold malicious apps and extensions from his platforms? Let us know by writing us on Cyberguy.com/contact.
For more of my technological tips and security warnings, subscribe to my free newsletter about Cyberguy Report, moving toward Cyberguy.com/newslettter.
Ask the Kurt question or let us know what stories you would like to cover.
Follow Kurt on his social channels:
Answer to the most demanding questions about Cyberguy:
New from Kurt:
Copyright 2025 Cyberguy.com. All rights reserved.
