More than 300 Chrome extensions have been identified as threats to user privacy, leaking or stealing sensitive browser data. Security researchers have sounded the alarm over these malicious extensions that have been installed by millions of users worldwide, compromising their data security.
Unmasking the Threat
In a comprehensive study analyzing network traffic from Chrome extensions, researchers uncovered 287 applications that transmit user browsing history and search engine results. The findings reveal that some extensions inadvertently expose data to unsecured networks, while others deliberately send information to data collection servers, either for profit or with harmful intentions.
The scale of this issue is significant, with over 37.4 million users affected. Of these, approximately 27.2 million have installed 153 extensions confirmed to leak browsing history upon installation. The investigation led by researcher Q Continuum also flagged over 200 additional extensions that share author details with the offending apps, raising suspicion about their integrity.
Connections and Implications
Q Continuum’s research suggests that these malicious activities might be orchestrated by data brokers, rather than the extension developers themselves. The extensions have been linked to 32 different entities, with ties to known spyware distributors, indicating a potentially coordinated effort to monetize stolen user data.
In parallel, a report by LayerX has highlighted the malicious actions of 30 Chrome extensions downloaded over 260,000 times. Posing as AI assistance tools, these extensions were found to inject iframes to manipulate content and capture browser data. Their uniform internal structure suggests they are part of a well-organized scheme.
Advanced Tactics and Targets
One of these extensions was observed rendering a full-screen iframe to a remote domain, allowing attackers to manipulate the user interface directly. This extension and others like it can extract data from active tabs, use triggered voice recognition, and incorporate tracking pixel scripts.
LayerX’s findings indicate that 15 of these extensions specifically target Gmail users, extracting email content and relaying it to third-party servers. Such targeted attacks underline the sophisticated nature of these threats and the need for heightened vigilance among users.
The revelations about these Chrome extensions underscore the urgent requirement for stricter security measures and user awareness to protect personal data online. As investigations continue, users are advised to scrutinize their installed extensions and prioritize their digital safety.
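One way to scrutinize installed extensions, as an added example that is not code from the Q Continuum or LayerX reports: a Python script that reads an extension's manifest.json and flags permissions exposing browsing activity, access to all sites, or access to Gmail pages. The sample manifests and the set of flagged permissions are assumptions chosen for illustration.

```python
import json
import sys
from pathlib import Path

# Chrome permission names that expose browsing activity (set chosen for this example).
BROWSING_PERMS = {"history", "tabs", "webRequest", "webNavigation"}
PERM_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def covers(pattern, host):
    """True if a Chrome match pattern applies to pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # wildcard subdomain, e.g. *.google.com
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    declared = set()
    for key in PERM_KEYS:  # MV2 permission lists may also hold non-string entries
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = {f"browsing-activity permission: {p}" for p in declared & BROWSING_PERMS}
    patterns = {p for p in declared if p == "<all_urls>" or "://" in p}
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    for pat in patterns:
        if covers(pat, "unrelated.invalid"):  # matches an arbitrary host
            findings.add(f"access to all sites: {pat}")
        elif covers(pat, "mail.google.com"):
            findings.add(f"access to Gmail pages: {pat}")
    return sorted(findings)

# Constructed sample manifests, not taken from any extension named in the reports.
SAMPLE_BROAD = {"manifest_version": 3, "name": "sample-assistant",
                "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["https://mail.google.com/*"],
                                     "js": ["content.js"]}]}
SAMPLE_NARROW = {"manifest_version": 3, "name": "sample-notes",
                 "permissions": ["storage"],
                 "host_permissions": ["https://notes.example.com/*"]}

if __name__ == "__main__":
    # Pass manifest.json paths to audit real extensions; no arguments runs the samples.
    loaded = {p: json.loads(Path(p).read_text(encoding="utf-8")) for p in sys.argv[1:]}
    for name, m in (loaded or {"broad": SAMPLE_BROAD, "narrow": SAMPLE_NARROW}).items():
        print(name, audit_manifest(m) or ["no findings"])
```

A finding means the extension is able to see that data, not that it misuses it; it marks which extensions deserve a closer look.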
