Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data: A Security Threat to Millions
Researchers Uncover Widespread Data Leaks and Theft via Malicious Chrome Extensions
A recent investigation has exposed a staggering 300+ Chrome extensions that compromise user data, with some extensions leaking browsing history and others outright stealing sensitive information. The affected extensions have been installed by over 37.4 million users. Of these extensions, 153 leak browser history upon installation and account for approximately 27.2 million of those users.
The Research
The research, conducted by Q Continuum, focused on analyzing network traffic generated by Chrome extensions and found that 287 applications transmit user browsing history or search engine results pages (SERP) to external servers. In some cases, this data is exposed to unsecured networks, while in others, it is sent to collection servers for monetization purposes or with malicious intent.
Further analysis revealed connections between the extensions and 32 entities, including known distributors of spyware extensions. The researcher suspects that a data broker may be directly involved in the monetization of these applications, rather than the extension developers themselves.
Malicious Behavior of Chrome Extensions
In a separate report, LayerX detailed the malicious behavior of 30 Chrome extensions with over 260,000 installations. These extensions, posing as AI assistance tools, shared a common internal structure, JavaScript logic, permissions, and backend infrastructure, indicating a single, coordinated operation. One of the extensions was found to render a full-screen iframe pointing to a remote domain, allowing attackers to load remote content and manipulate the UI directly. The extension also extracted data from the active tab, supported message-triggered voice recognition, and included explicit tracking pixel scripts.
Notably, 15 extensions specifically targeted Gmail, extracting content and transmitting it to third-party infrastructure. The findings highlight the need for users to exercise caution when installing Chrome extensions and for developers to prioritize user data security.
Conclusion
The discovery of these malicious extensions serves as a reminder of the importance of vigilant cybersecurity practices, particularly in the context of browser extensions. Users are advised to carefully review the permissions and functionality of installed extensions and to report any suspicious activity to the relevant authorities.
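The permission review recommended above can be partly automated. The following is an added example, not code from Q Continuum, LayerX or the original article: a JavaScript (Node.js) function that flags manifest.json entries granting the kinds of access reported here (browsing-history visibility, all-sites access, Gmail page access). The manifest keys and permission names are real Chrome extension fields; the function names, risk labels and sample manifest are assumptions constructed for illustration.

```javascript
// Added example: static triage of a Chrome extension manifest.json.
// Function names and risk labels are hypothetical; the sample manifest is constructed.

// Permissions that expose visited URLs or page titles to the extension.
const HISTORY_PERMS = ["history", "tabs", "webNavigation", "webRequest"];
// Match patterns that grant access to every site.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

const isBroad = (pattern) => BROAD_HOSTS.includes(pattern);

// True when a match pattern covers https://mail.google.com/ pages.
function coversGmail(pattern) {
  return isBroad(pattern) ||
    /^(\*|https):\/\/(\*\.google\.com|mail\.google\.com)\//.test(pattern);
}

function auditManifest(manifest) {
  const strings = (v) => (v || []).filter((p) => typeof p === "string");
  const perms = [...strings(manifest.permissions), ...strings(manifest.optional_permissions)];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const hosts = [
    ...strings(manifest.host_permissions),
    ...strings(manifest.optional_host_permissions),
    ...perms.filter((p) => p.includes("://") || p === "<all_urls>"),
  ];
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => strings(cs.matches));
  const patterns = [...new Set([...hosts, ...scriptMatches])];

  const findings = [];
  const history = perms.filter((p) => HISTORY_PERMS.includes(p));
  if (history.length) findings.push({ risk: "browsing-history-visibility", evidence: history });
  const broad = patterns.filter(isBroad);
  if (broad.length) findings.push({ risk: "all-sites-access", evidence: broad });
  const gmail = patterns.filter(coversGmail);
  if (gmail.length) findings.push({ risk: "gmail-page-access", evidence: gmail });
  return findings;
}

// Constructed sample: an "AI helper" style manifest requesting wide access.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Example AI Helper (constructed)",
  permissions: ["tabs", "storage", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://mail.google.com/*"], js: ["content.js"] }],
};

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

Manifest triage only shows what an extension is able to read; the research described above relied on network traffic analysis to establish what was actually transmitted.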
