Chrome Risk: Millions Use Invisible Espionage Extensions
- Security researchers have uncovered a network of 57 hidden Chrome extensions, collectively installed by over 6 million users, that secretly collect browser data. These add-ons, absent from...
- These extensions are not readily discoverable through typical search methods or the Chrome Web Store.
- Among the more popular examples are "Cuponomia: Coupons and Cashback," boasting over 700,000 users, and "Fire Shield extension Protection" and "Total Safety for Chrome," each with over...
Table of Contents
Security researchers have uncovered a network of 57 hidden Chrome extensions, collectively installed by over 6 million users, that secretly collect browser data. These add-ons, absent from the Chrome Web Store and requiring extensive permissions, pose a notable privacy risk, according to the analysis.
Invisible Threats: Chrome Extensions Operating in the Shadows
These extensions are not readily discoverable through typical search methods or the Chrome Web Store. Installation requires direct knowledge of the specific URL, making their presence even more concerning. Once installed, these extensions demand broad permissions, including access to browsing history, cookies, and the ability to execute javascript on visited websites.
Among the more popular examples are “Cuponomia: Coupons and Cashback,” boasting over 700,000 users, and “Fire Shield extension Protection” and ”Total Safety for Chrome,” each with over 300,000 installations.
john Tuckner,a researcher at Secure Annex,detailed the questionable nature of these extensions in a recent analysis. While many masquerade as security tools or offer seemingly useful features, thay often fail to deliver on these promises. Rather, they contain obfuscated code designed to collect browsing details and transmit it to external servers, Tuckner reported.
“these extensions can perhaps monitor the entire surfing behavior and access stored cookies and are therefore remotely controlled,” Tuckner stated in his analysis.
Mysterious Distribution and google’s “Featured” Badge
The widespread adoption of these hidden extensions raises questions about their distribution methods. Experts speculate that they may be spread through deceptive advertising or bundled with unwanted software. Adding to the concern, some of these extensions even bear Google’s “featured” badge, typically reserved for trustworthy and reputable add-ons.
Protecting Yourself: Steps for Chrome Users
Users who suspect they may have installed one of these extensions are advised to remove them promptly and change passwords for sensitive online accounts. A public list of the suspicious add-ons is available for review. This finding underscores the importance of exercising caution when installing browser extensions and carefully reviewing the permissions they request.
Q: What’s happening with Chrome extensions that users should know about?
A: Security researchers have discovered a network of 57 hidden Chrome extensions that secretly collect user data. These extensions have been installed by over 6 million users, posing a important privacy risk. Teh main problem is that these add-ons collect your browsing data without your explicit knowledge.
Q: How are these malicious extensions different from regular Chrome extensions?
A: The key difference is that these extensions aren’t found in the Chrome Web Store. They require users to install them directly, often through a specific URL.This makes them harder to detect. they also demand extensive permissions, like access to your browsing history, cookies, and the ability to run code on websites you visit.
Q: How do these hidden extensions operate?
A: Once installed, these extensions collect data about your browsing habits. Many are disguised as security tools or promise helpful features, but they actually contain hidden code designed to gather data and send it to external servers. They can monitor your online activity and possibly access sensitive information.
Q: Can you give specific examples of these harmful extensions?
A: Yes. Some of the more widely-used extensions include “Cuponomia: Coupons and Cashback”, boasting over 700,000 users. also,”Fire Shield extension Protection” and “Total Safety for Chrome,” each with over 300,000 installations,have been identified.
Q: How are these extensions being distributed?
A: The exact methods are still under examination, but experts suspect distribution through deceptive advertising or bundling them with other software.
Q: What’s particularly concerning about these extensions?
A: Some of these malicious extensions even bear Google’s “featured” badge. This badge is typically reserved for trusted and reputable add-ons,which can mislead users into believing they’re safe.
Q: What kind of data are these extensions collecting?
A: The extensions can potentially monitor your entire browsing activity and access stored cookies. This includes your browsing history, the websites you visit, the content you interact with, and potentially even your login credentials if they are not secured.
Q: How can I check if I have any of these malicious extensions installed?
A: Sadly,there isn’t a one-size-fits-all solution as the extensions are hidden. However, users are advised to remove any unknown or suspicious extensions immediately. It’s also recommended to review a list of suspicious add-ons (the provided content says a public list is available, but does not link to it) to see if you have installed any of them.
Q: What should I do if I find a hidden extension on my Chrome?
A: Immediately remove the extension. after removal, it’s crucial to change the passwords for all your sensitive online accounts like email, banking, and social media.
Q: What steps can I take to protect myself from malicious Chrome extensions in the future?
A: Always exercise caution when installing browser extensions. Carefully review the permissions requested by any extension before installing it. Only install extensions from trusted sources, and be wary of any add-on that requests excessive access to your data.