Millions of Chrome users face data leak risk from hacked extensions.

Your web browser is a miniature ecosystem that stores sensitive information like passwords, search history, credit card numbers, and addresses. As with any ecosystem, it is vulnerable to attacks from malicious apps and services that can compromise the data stored within it.

A recent security campaign has targeted browser extensions, compromising 36 of them and putting 2.6 million Chrome users at risk of having their browsing data and account credentials exposed.

Enter the giveaway by signing up for my free newsletter.

How hackers are targeting browser extensions

Over 2.6 million users are at risk of data exposure and credential theft due to hackers exploiting browser extensions as a gateway to steal sensitive user data through various methods, as reported by The Hacker News.

Phishing campaigns target legitimate extension publishers on platforms like the Chrome Web Store, tricking developers into granting permissions to malicious applications that insert harmful code into popular extensions, stealing user data such as cookies and access tokens.

Cyberhaven, a cybersecurity firm, was the first to reveal the campaign. On December 24, one of their employees fell victim to a phishing attack, which allowed the threat actors to publish a harmful version of the extension.

Malicious browser extensions, if published and approved by the Chrome Web Store, can put millions of users at risk of data theft. These extensions can be used by attackers to steal browsing data, monitor user activity, and bypass security measures such as two-factor authentication.

Developers may unknowingly include data-gathering code in monetization software development kits, making it difficult to determine whether a compromise is due to a hacking campaign or intentional inclusion by the developer.

Remove these extensions from your web browser

Secure Annex has launched an investigation into the hacking campaign and discovered over twenty additional compromised extensions. It is crucial to remove any of the listed extensions from your browser to safeguard your data.

1. AI Assistant - ChatGPT and Gemini for Chrome
2. Bard AI Chat Extension
3. GPT 4 Summary with OpenAI
4. Search Copilot AI Assistant for Chrome
5. TinaMInd AI Assistant
6. Wayin AI
7. VPNCity
8. Internxt VPN
9. Vindoz Flex Video Recorder
10. VidHelper Video Downloader
11. Bookmark Favicon Changer
12. Castorus
13. Uvoice
14. Reader Mode
15. Parrot Talks
16. Primus
17. Tackker - online keylogger tool
18. AI Shop Buddy
19. Sort by Oldest
20. Rewards Search Automator
21. ChatGPT Assistant - Smart Search
22. Keyboard History Recorder
23. Email Hunter
24. Visual Effects for Google Meet
25. Earny - Up to 20% Cash Back
26. Cyberhaven security extension V3
27. GraphQL Network Inspector
28. Vidnoz Flex - Video recorder & Video share
29. YesCaptcha assistant
30. Proxy SwitchyOmega (V3)
31. ChatGPT App
32. Web Mirror
33. Hi AI

The removal of malicious extensions from the Chrome Web Store does not completely eliminate the risk of hackers accessing your data, as they can still do so if the extensions are kept installed. Secure Annex has created a public Google Sheet detailing the malicious extensions it has found so far, including whether they have been updated or removed. They are also continuously adding new extensions to the list as they are discovered.

How to remove an extension from Google Chrome

To remove an extension from Google Chrome, follow these steps: 1. Open Google Chrome. 2. Click on the three dots in the top right corner of the browser window. 3. Select "More tools" and then "Extensions." 4. Find the extension you want to remove and click on the "Remove" button. 5. Confirm the removal by clicking on "Remove" again. 6. Restart your browser.

• To access the puzzle icon in Chrome, click on the top-right corner of the browser.
• You can now see all the active extensions in Chrome. To remove an extension, click the three dots icon next to it and select "Remove from Chrome."
• Click Remove to confirm

7 ways to stay safe from malicious software

Before clicking on links or emails, verify their authenticity to avoid falling victim to phishing attacks that impersonate trusted entities. These emails often create a false sense of urgency and can lead to clicking on malicious links. Always double-check the sender's email address and go directly to the official website if in doubt.

To safeguard yourself from malicious links and malware, it is crucial to have strong antivirus software installed on all your devices. These tools can detect and block malicious code, even if it has been embedded in browser extensions. The best way to protect yourself from phishing emails and ransomware scams is to have antivirus software installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices.

Be careful when granting browser extension permissions. Not all requests are necessary, and some extensions may ask for access to sensitive data like browsing history, cookies, or account information. Review each extension's permissions and deny any that seem excessive. Choose extensions with limited access to protect your data.

Only install necessary extensions and regularly review and remove unused ones.

Ensure your browser is always up-to-date by enabling automatic updates. This will protect you from security vulnerabilities exploited by malicious software. For a detailed guide on how to update Google Chrome, check out my guide.

Periodically review and remove any unnecessary or potentially risky extensions from your installed extensions.

Notify the official browser extension marketplace of any suspicious extensions you come across.

Kurt’s key takeaway

Browser extensions have become a new favorite target for hackers, and the recent discovery of over 35 compromised Chrome extensions, putting 2.6 million users at risk, highlights the need for caution. To protect your data, it is crucial to remove any suspicious extensions. This incident also raises questions about the effectiveness of Google's Chrome Web Store review process, as even trusted platforms can be exploited.

Please inform us at Cyberguy.com/Contact how frequently you review and remove unused or suspicious browser extensions.

To receive my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.