Security researchers have identified more than 300 Chrome extensions that leak browser data, spy on users, or steal information, accounting for over 37 million downloads in total. The analysis found 287 extensions transmitting users’ browsing history or search engine results pages, with about 27.2 million users having installed 153 extensions confirmed to leak history on installation.
Some extensions expose data on unsecured networks or send it to collection servers for monetisation or other purposes, while others operate with malicious intent. The researchers linked the extensions to 32 entities and flagged more than 200 additional extensions as suspicious due to shared author details, with four scrapers connecting to a honeypot set up for the study.
According to LayerX, a separate report details 30 Chrome extensions with over 260,000 downloads that inject iframes to manipulate content and steal browser data, including 15 extensions targeting Gmail. The findings suggest that a data broker may be playing a direct role in monetising these applications, a claim noted by the researchers.