A new report has revealed that 57 Chrome extensions, used by over 6 million people, have risky hidden features. These extensions can track your browsing activity, access cookies, and even run code remotely on websites you visit.

The researcher who found them, John Tuckner from Secure Annex, says these extensions are not visible on the Chrome Web Store. You cannot find them by searching. They can only be installed if someone shares the direct link.

Usually, such hidden extensions are used for private work, like company tools or testing. But in this case, it looks like bad actors are promoting them using ads and shady websites.

Tuckner first noticed a suspicious extension called Fire Shield Extension Protection. It had hidden code and was sending data to an external server. From that server, which used the domain “unknow.com”, he found more extensions that behaved the same way.

Most of them claimed to offer ad-blocking or privacy tools. But they actually asked for too many permissions. These extensions could:

  • Read your cookies (including login tokens)
  • Track your browsing
  • Change your search engine
  • Inject hidden code into the pages you visit
  • Enable remote tracking features

Even though the researcher did not see any of them stealing passwords, the permissions and the secretive code were enough to raise red flags. He said some of them could even see your top visited sites, open or close tabs, and run commands when needed. That is not what a simple ad-blocker should be doing.
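You can check what an installed extension is allowed to do by reading its manifest.json. The script below is an added example, not the researcher's tooling; the mapping from the capabilities above to manifest permissions and the sample manifest are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Assumed mapping from the capabilities listed in the article to Chrome
# manifest permissions; not the researcher's own detection logic.
RISKY = {
    "cookies": "read cookies, including login tokens",
    "tabs": "see the URL of every open tab",
    "history": "read browsing history",
    "topSites": "read most-visited sites",
    "scripting": "inject scripts into pages",
}
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json (MV2 or MV3)."""
    perms = [p for key in ("permissions", "optional_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)]
    findings = [f"{p}: {RISKY[p]}" for p in perms if p in RISKY]
    # MV3 lists hosts separately; MV2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", [])) | set(perms)
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    if hosts & BROAD:
        findings.append("broad host access: can act on every site visited")
    if "search_provider" in manifest.get("chrome_settings_overrides", {}):
        findings.append("search_provider: replaces the default search engine")
    return findings

def audit_extensions_dir(ext_dir):
    """Map extension ID -> findings for <profile>/Extensions/<id>/<version>/."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; skip it
        findings = audit_manifest(manifest)
        if findings:
            report.setdefault(path.parent.parent.name, []).extend(findings)
    return report

# Constructed sample: an "ad blocker" asking for far more than it needs.
SAMPLE = {
    "name": "Example Shield (constructed)",
    "permissions": ["cookies", "tabs", "topSites", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {"search_provider": {"name": "example"}},
}
```

Point audit_extensions_dir at the Extensions folder inside a Chrome profile. A finding means the capability is declared in the manifest, not that the extension is abusing it.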

Today, the number of such extensions found has reached 57. Some are public, while others are still hidden. Many have been removed from the Chrome Web Store after the report, but some are still live.

Here are a few with high user counts:

  • Cuponomia – Coupon and Cashback (700,000 users, public)
  • Fire Shield Extension Protection (300,000 users, unlisted)
  • Total Safety for Chrome™ (300,000 users, unlisted)
  • Protecto for Chrome™ (200,000 users, unlisted)
  • Browser WatchDog for Chrome (200,000 users, public)
  • Securify for Chrome™ (200,000 users, unlisted)
  • Browser Checkup for Chrome by Doctor (200,000 users, public)
  • Choose Your Chrome Tools (200,000 users, unlisted)

Check full list here

If you are using any of these, you should remove them right away. Also, change your passwords just to be safe.

Google has said that they are looking into the report.
