A significant data privacy breach has emerged involving 287 Chrome extensions that have illicitly accessed the browsing history of approximately 37.4 million users worldwide. This issue represents a notable privacy concern, affecting around one percent of global Chrome users.
Undercover Data Collection
The discovery was made using an automated system that employs Docker containers and a man-in-the-middle (MITM) proxy to detect unusual network behaviors. This system scrutinizes outgoing traffic from extensions to identify patterns consistent with data exfiltration, such as correlations between data transmission and URL length.
To evade detection, these malicious extensions utilize various obfuscation techniques. Some employ ROT47 encoding, while others use advanced AES-256 encryption combined with RSA key pairs to secure browsing data before transmitting it to remote locations.
Identified Offenders and Data Brokers
Several well-known extensions, including “Poper Blocker,” “Stylish,” and “BlockSite,” have been implicated in the breach. The investigation uncovered numerous data brokers involved in this operation. For instance, Similarweb, a major web analytics company, operates multiple extensions, one of which has a user base of one million.
Further analysis revealed that “Big Star Labs,” potentially linked to Similarweb, controls extensions impacting 3.7 million users. Other entities such as Curly Doggo and Offidocs, along with some Chinese companies, have also been identified as participants in this extensive data collection network.
Risks and Recommendations
The consequences of this data breach extend beyond mere targeted advertising. Sensitive corporate information could be exposed if employees unknowingly install these compromised extensions, as they might capture internal web addresses and other confidential data.
URLs often contain personal identifiers, which could be exploited to target specific individuals. Researchers have set up honeypot traps to track these activities, revealing that multiple IP addresses linked to organizations like Kontera have accessed these data traps, indicating a broader market for the harvested data.
To safeguard personal information, users are urged to review their installed Chrome extensions and remove any identified in the research. With over 240,000 extensions available on the Chrome Web Store, manual verification can be daunting. Security experts advise installing only open-source extensions that allow for code review and being cautious with permission requests during installation.
In light of the findings, the research team has withheld detailed technical information to prevent quick adaptation by malicious actors. For ongoing updates in the cybersecurity realm, consider following trusted sources on platforms like Google News and LinkedIn.
