108 Chrome extensions quietly exfiltrate data and inject ads across sites — remove them now
TL;DR Summary
Security researchers found 108 malicious Chrome extensions—designed as games, utilities, or add-ons—that quietly siphon user data and inject ads across every site. Despite different publishers, all stolen data is sent to a single command-and-control server; 54 extensions harvest Gmail addresses, full names, and Google 'sub' IDs to build a persistent profile. If you have any of these extensions installed, delete them via Chrome or Edge extensions manager. To stay safe, download only trusted extensions, inspect permissions, enable Enhanced Safe Browsing, and consider antivirus and identity protection to guard against similar threats.
- 108 malicious Chrome extensions found stealing data and injecting ads into every page you visit — delete them right now Tom's Guide
- Google Attack Warning—Chrome Hackers Target Gmail And YouTube Users Forbes
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users The Hacker News
- These 4 Chrome extensions started clean, then turned into malware How-To Geek
- Over 100 Chrome extensions flagged for stealing user data, sessions, or running backdoors Cybernews
Reading Insights
Total Reads
0
Unique Readers
22
Time Saved
81 min
vs 82 min read
Condensed
99%
16,343 → 91 words
Want the full story? Read the original article
Read on Tom's Guide