Browser extensions put millions of Google Chrome users at risk

Browser extensions can be a great way to boost your productivity while browsing. Chrome, which is the most popular browser out there, supports a wide range of extensions, and so do other Chromium-based browsers. However, these extensions are not always beneficial. While many are helpful for blocking ads, finding the best deals or checking grammar errors, some can end up doing more harm than good.

I recently reported on a group of malicious extensions that were stealing user data, and now a new report has flagged 35 more suspicious ones. These browser extensions request unnecessary permissions and have been reported to collect and share everything you do online.

Join the FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up!

A recent investigation by John Tuckner, founder of Secure Annex, revealed concerns about 35 Chrome extensions, posing potential privacy and security risks. These extensions, many unlisted on the Chrome Web Store, were collectively installed over 4 million times. 

Many of these sketchy extensions presented themselves as tools for search assistance, ad-blocking, security monitoring or extension scanning but shared a connection to a single, unused domain, suggesting coordinated behavior. They all use the same code patterns, connect to some of the same servers and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs and execute scripts. 

What’s more concerning is that at least 10 of these extensions carried Google’s “Featured” badge, implying vetting for trustworthiness. This raises questions about Google’s review process, as the badge suggests compliance with high standards for user experience, privacy and security.

HOW TO STAY INCOGNITO AND CONCEAL YOUR NUMBER WHEN CALLING SOMEONE

The main concern is the level of access these extensions quietly request and how they use it. With permissions to read tabs, access cookies, intercept web requests and inject scripts into pages, they can monitor nearly everything you do in your browser. This includes tracking your browsing activity, observing login sessions and altering the content of websites you visit, all without your knowledge.

These extensions are not simply misconfigured tools. They appear to be intentionally designed with surveillance in mind. Many store their configuration data locally, which allows remote servers to update their behavior at any time. This setup is commonly seen in spyware, where changes can be made after installation without alerting the user. The code is heavily obfuscated, making it difficult for researchers to understand what the extensions are actually doing.

In some cases, the extensions appear to do nothing at all when clicked. However, they continue to send data in the background. For instance, the Fire Shield Extension Protection remained inactive until the researcher manually triggered it with a specific extension ID. Only then did it begin to transmit browsing activity and other data, revealing behavior that would be hard for an average user to detect.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

The 35 extensions are not publicly searchable on the Chrome Web Store, meaning they can only be installed via direct URLs. The full list of extensions is:

If you have installed one of the above-mentioned extensions on your browser, remove it as soon as possible. To remove an extension from Google Chrome on a desktop, follow these steps:

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

If you’re worried about the above extensions, here are five ways to safeguard your sensitive information and maintain your online privacy.

1) Keep your browser up to date: Chrome gets regular updates that get rid of most security issues. Make sure you turn on automatic updates for your browser (e.g., Chrome, Firefox, Edge) so you’re always running the latest version without thinking about it. See my guide on keeping your devices and apps updated for more information.

2) Install extensions only from trusted sources: Official browser stores like the Chrome Web Store have rules and scans to catch bad actors. They’re not perfect, but they are still a better option when compared to a random website on the internet. Extensions from unknown websites or third-party downloads are far more likely to hide malware or spyware. 

3) Have strong antivirus software: A good antivirus can warn you before you install malicious software, such as sketchy browser extensions. It can also alert you to phishing emails and ransomware scams, helping keep your personal information and digital assets safe. Get my picks of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Be skeptical of extensions requesting unnecessary access: Some extensions overreach on purpose. A calculator tool asking for your browsing history or a weather app wanting your login data is a huge red flag.

Before installing, ask, “Does this permission match the extension’s job?” If the answer’s no, don’t install it. Watch out for broad permissions like “Read and change all your data on websites you visit” unless it’s clearly justified (e.g., a password manager). If an update suddenly adds new permission requests, dig into why. It might mean the extension has been sold or hacked.

5) Change your passwords and do it safely: If you’ve ever saved passwords in your browser (e.g., via Chrome’s built-in password manager or the “Save Password” prompt), those credentials could be at risk if a malicious extension was installed. These built-in managers store passwords locally or in your Google, Microsoft or Firefox account, and a compromised browser can give bad actors a way in.

This doesn’t typically apply to dedicated password manager extensions, which encrypt your data independently and don’t rely on browser storage. However, if you’re unsure whether an extension has been compromised, it’s always smart to update your master password and enable two-factor authentication. 

For maximum safety, change your most important passwords (email, bank, shopping, cloud services) from a different, secure device, such as your phone or another computer, where the questionable extension was never installed. Avoid using the same browser that may have been exposed. Then consider switching to a password manager to create and store strong, unique logins going forward. I’ve reviewed the top options in my best password managers of 2025 guide. See which one fits your needs best.

The fact that several of these extensions carried Google’s own “Featured” badge should serve as a wake-up call. It points to a serious lapse in oversight and raises concerns about how thorough Chrome’s extension review process actually is. When millions of users unknowingly install spyware under the impression that it has been vetted and approved, the issue is no longer just about bad actors. It reflects a deeper failure within the platform itself. Google needs to take stronger responsibility by improving transparency and tightening its review standards. 

Do you think browser makers like Google should be held more accountable for what gets published in their stores? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.