A well-known cybersecurity researcher has sounded the alarm after discovering that at least 35 Chrome extensions—collectively downloaded over 4 million times—contain hidden spyware or information-stealing components. This revelation has once again highlighted the ongoing risks users face when installing browser add-ons, even from seemingly trusted sources like the Chrome Web Store.

Spyware Hidden in Plain Sight

The researcher, who disclosed the findings on a cybersecurity forum and has chosen to remain anonymous for now due to the sensitive nature of the investigation, found that these extensions were secretly collecting user data and sending it to remote servers. The data includes browsing history, search terms, personally identifiable information (PII), and, in some cases, login credentials.

Many of the affected extensions appeared to offer useful functionality, such as file converters, ad blockers, shopping assistants, and productivity tools. However, buried within the code were obfuscated scripts designed to extract user data and transmit it without consent.

Millions of Users at Risk

The total number of downloads—more than 4 million—suggests a widespread breach of user privacy. While Google has not yet released an official statement, it is expected that many of these extensions will be removed from the Chrome Web Store as investigations progress.

For users who may have installed one or more of the suspicious extensions, the risks include:

  • Unauthorized data tracking and sale to third parties
  • Increased exposure to phishing attacks
  • Potential account takeovers through stolen credentials

The Ongoing Challenge of Extension Security

Browser extensions have long been a weak point in cybersecurity. While Chrome and other browsers have implemented tighter policies and vetting processes, malicious actors continue to find ways to sneak harmful code past detection. Often, extensions are updated with malicious code after gaining a user base, relying on the fact that most users won’t review the permissions or code changes in subsequent versions.

Security experts point out that the permissions requested by many extensions are overly broad, often including access to “read and change all your data on the websites you visit.” This makes it easy for a bad actor to collect sensitive information or manipulate content viewed by the user.

What You Can Do

To protect yourself, cybersecurity professionals recommend the following steps:

  1. Audit Your Extensions: Regularly review your browser extensions and uninstall any that you don’t use or that seem suspicious.
  2. Check Permissions: Be wary of extensions that ask for unnecessary permissions.
  3. Stick to Well-Known Developers: Even this is not foolproof, but reputable developers are less likely to include malicious code.
  4. Use Security Tools: Consider browser-based security plugins or endpoint protection tools that monitor for suspicious behavior.
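
Steps 1 and 2 can be partly automated by reading each extension's manifest.json and flagging all-sites access. The Python script below is an added example, not code from the researcher or this article; the sample manifests are constructed, and the SENSITIVE_APIS set is an assumed, non-exhaustive selection.

```python
import json

# Match patterns covering every site: the access the article quotes as
# "read and change all your data on the websites you visit".
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumed, non-exhaustive set of API permissions worth a second look.
SENSITIVE_APIS = {"history", "cookies", "webRequest", "tabs", "clipboardRead"}

def audit_manifest(manifest):
    """Return (finding, value) pairs for one parsed manifest.json."""
    findings = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in declared:
        if not isinstance(perm, str):
            continue  # skip non-string entries rather than fail on them
        if perm in ALL_SITES:
            findings.append(("all-sites host access", perm))
        elif perm in SENSITIVE_APIS:
            findings.append(("sensitive API", perm))
    # Content scripts declare their own match patterns, separate from the lists above.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in ALL_SITES:
                findings.append(("content script on all sites", pattern))
    return findings

def audit_all(manifest_texts):
    """Map extension name -> findings, keeping only extensions with findings."""
    report = {}
    for text in manifest_texts:
        manifest = json.loads(text)
        findings = audit_manifest(manifest)
        if findings:
            report[manifest.get("name", "<unnamed>")] = findings
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_MANIFESTS = [
    '{"name": "PDF Converter Pro", "manifest_version": 3,'
    ' "permissions": ["storage", "history"], "host_permissions": ["<all_urls>"]}',
    '{"name": "Tab Notes", "manifest_version": 2, "permissions": ["storage"],'
    ' "content_scripts": [{"matches": ["https://example.com/*"], "js": ["n.js"]}]}',
    '{"name": "Coupon Helper", "manifest_version": 2,'
    ' "permissions": ["cookies", "*://*/*"],'
    ' "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}',
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_MANIFESTS).items():
        for kind, value in findings:
            print(f"{name}: {kind}: {value}")
```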

A Wake-Up Call

This latest discovery serves as a wake-up call for both users and platform providers. While Google is expected to act swiftly, the incident underscores the need for more robust oversight, both automated and manual, of what gets published in extension stores.

As browser extensions continue to be an essential part of the online experience, ensuring they are safe and transparent must remain a priority. In the meantime, users should remain vigilant, skeptical, and informed—because in today’s digital world, privacy and security go hand in hand.

If you need assistance with cybersecurity for your business, we’ve got you covered! Contact us at Computek today!

📞 Call us at 512-869-1155
🌐 Visit: Computekonline.com