Hacked Chrome extensions put 2.6 million users at risk of data leaks

Your web browser is its own ecosystem. It stores your passwords, search history, financial information like credit card numbers, addresses and more. Just like malicious apps and services that can corrupt data on your phone or PC, malicious extensions can expose data stored in your browser.

There are a ton of extensions out there that do more harm than good. In fact, security researchers have recently discovered a new malicious campaign that goes after browser extensions. So far, about 36 extensions have been compromised, putting more than 2.6 million Chrome users at risk of having their browsing data and account information exposed.

I’M RELEASING THE LATEST AND GREATEST AIRPODS 2

Enter the giveaway by signing up for mine free newspaper.

How hackers target browser extensions

Hackers exploit browser extensions as a gateway to steal sensitive user data in a variety of ways. These vulnerable extensions expose more than 2.6 million users to data breaches and identity theft, as reported Hacker News.

Common attacks involve phishing campaigns targeting legitimate extension publishers on platforms such as the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious apps, which then inject malicious code into popular extensions. This code can steal cookies, access tokens and other user data.

The first company to shed light on this campaign is the cyber security company Cyberhaven, one of whose employees was the target of a phishing attack on December 24, which allows threat actors to publish a malicious version of the extension.

Once these malicious extensions are published and pass the Chrome Web Store security update, they are made available to millions of users, putting them at risk of data theft. Attackers can use these extensions to extract browsing data, monitor user activity and bypass security measures such as two-factor authentication.

In some cases, developers themselves may unwittingly install data collection code as part of a monetization software development kit, which secretly extracts detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or an intentional installation by a developer.

An image of the Chrome browser on mobile (Kurt “CyberGuy” Knutsson)

MAJOR SECURITY FLAW PUTS MOST POPULAR BROWSES AT RISK ON MAC

Remove these extensions from your web browser

Browser extension security platform Protect the suffix launched its own investigation into the hacking campaign. So far, it has revealed more than twenty other compromised extensions, which are listed below. If you have other vulnerable extensions listed in the Secure Annex investigation installed on your browser, it is important to remove them immediately to protect your data.

1. AI Assistant – ChatGPT and Gemini for Chrome
2. Bard AI chat extension
3. Summary of GPT 4 by OpenAI
4. Search for Copilot AI Assistant for Chrome
5. TinaMInd AI Assistant
6. Wayin AI
7. VPNCity
8. Internxt VPN
9. Vindoz Flex Video Recorder
10. VidHelper Video Downloader
11. Check the Favicon Changer icon
12. Castorus
13. A word
14. Learning mode
15. Parrot Speaks
16. Primus
17. Tackker – online keylogger tool
18. AI Shop Buddy
19. Sort by Oldest
20. Auto Search Rewards
21. ChatGPT Assistant – Smart Search
22. Keyboard history recorder
23. Email Hunter
24. Visual Effects for Google Meet
25. Earnings – Up to 20% Cashback
26. Cyberhaven V3 security extension
27. GraphQL Network Inspector
28. Vidnoz Flex – Video recorder and video sharing
29. Yes Captcha helper
30. Proxy SwitchyOmega (V3)
31. ChatGPT app
32. Web Mirror
33. Hello AI

Keeping these extensions installed is very dangerous as hackers can still access your data even if the malicious version has been taken down from the Chrome Web Store. Secure Annex is still investigating and sharing a Community Google Sheet with details about the malicious extensions we have found so far, such as whether they have been updated or removed. And they add new extensions to the list as they find them.

WORLD’S BIGGEST PASSWORD STORY LOADED FROM A CRIME ORGANIZATION

How to remove an extension from Google Chrome

If you have installed one of the above-mentioned extension in your browser, remove it immediately. To remove the extension from Google Chrome, follow these steps:

• Open Chrome and click on a symbol like a puzzle piece. You will find it in the upper right corner of the browser.
• You can see all active extensions now. Click on three dots icon next to the extension you want to remove and select it Remove from Chrome.
• Click Delete to confirm

Steps to remove extension from Google Chrome (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS

7 ways to stay safe from malicious software

1) Verify emails and links before clicking: Many attacks begin phishing emails posing as trusted businesses such as Google Web Store Developer Support. These emails often create a false sense of urgency, encouraging you to click on malicious links. Always verify the sender’s email address and avoid clicking on links without double-checking their authenticity. If in doubt, go directly to the official website rather than using the link provided.

2) Use strong antivirus software: Having strong antivirus software is an important line of defense against malicious software. These tools can detect and block malicious code, even if it is embedded in browser extensions. The best way to protect yourself from malicious links that contain powerful malware, which can access your private information, is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Find my picks for the best antivirus 2025 winners for your Windows, Mac, Android and iOS devices.

3) Limit extension permissions: Be careful about the permissions you give to browser extensions. Many require access to sensitive data such as browsing history, cookies or account information, but not all requests are necessary. Review what each extension requests and deny permissions that seem excessive. If possible, choose extensions with limited access to ensure your data remains secure.

4) Limit the number of extensions: Install only the extensions that are really needed and regularly update and remove the ones that no longer work.

5) Keep your browser updated: Always update your browser to the latest version. Updates often include important security patches that protect against vulnerabilities exploited by malicious software. Using an outdated browser increases the risk of being exposed to attacks that could have been prevented with a simple update. Enable automatic updates to ensure you stay protected. If you’re not sure how to update your browser, check out mine A detailed guide to Google Chrome.

6) Regularly check your extensions: Perform a periodic review of installed extensions and remove any that are not needed or may pose a security risk.

7) Report suspicious extensions: If you come across a suspicious extension, report it to the official browser extension marketplace.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO USE ALL YOUR PRO DEVICES

The key to take Kurt

Hackers are getting smarter, and browser extensions have become a new favorite target for stealing sensitive data. The discovery of more than 35 vulnerable Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an important step in protecting your data. This also puts the Google Chrome Web Store review process under scrutiny, proving that even trusted platforms can be exploited.

How often do you update and remove unused or suspicious browser extensions? Let us know by writing to us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter by going to Cyberguy.com/Newsletter.