287 Chrome Extensions Caught Stealing Browsing Data from 37 Million Users

Massive Data Harvesting Operation Exposed: 287 Chrome Extensions Caught Spying on 37 Million Users

A recent investigation has uncovered a staggering data harvesting operation involving 287 Chrome extensions that have been secretly collecting the browsing data of approximately 37.4 million users. These extensions, often masquerading as harmless tools such as ad blockers or search assistants, have been feeding sensitive user data to a network of global corporations and data brokers.

The Investigation

The research team, led by Q Continuum, employed a man-in-the-middle proxy to detect the malicious extensions, which were found to be sending user data in plain text or using encryption to conceal their activities. Some extensions even waited for users to accept a privacy policy before commencing data collection.

Main Recipients of Stolen Data

The primary recipient of this stolen data is Similarweb, a company linked to extensions with 10.1 million users. Other notable recipients include Alibaba Group, ByteDance, Semrush, and Big Star Labs. However, approximately 20 million installations could not be linked to a specific company, leaving a significant portion of users vulnerable to unknown data collectors.

Implicated Extensions

The investigation revealed that some reputable tools, including Stylish and Ad Blocker, were also implicated in the data harvesting operation. The stolen data includes Google search URLs and user IDs, which can be de-anonymized and linked to real identities.

Expert Analysis

Next Steps

The research team has created a regression model to detect similar malicious activity and has warned users to be cautious when installing extensions.

• Users are advised to be cautious when installing extensions.
• A regression model has been created to detect similar malicious activity.

About Author

Vaibhav

See author's posts